[DO NOT MERGE] Adapt sysctl template for use in oscap-bootc #12543

Draft
wants to merge 1 commit into
base: master

jan-cerny
Collaborator

The OVAL check in the sysctl template consists of 2 parts, where the first part checks the configuration and the second checks the runtime status of the sysctl option. But when building a bootable container image, we face a problem: the runtime status doesn't make sense to check and can't be changed by the remediation. That causes the check after remediation to fail, and the rule result is error. Therefore, we need to suppress the runtime part of the check when building a bootable container image. Also, we shouldn't attempt to change the runtime while building a bootable container image.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Oct 25, 2024
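The two-part check from the pull request description, sketched as an added Python example (not code from this pull request or from the project's OVAL template). The `check_runtime` flag, the function names and the sample data are hypothetical, and file ordering is simplified to "sort by file name, last assignment wins".

```python
# Constructed sample: sysctl.d-style files as they look after the remediation ran.
SAMPLE_CONFIG = {
    "/usr/lib/sysctl.d/50-default.conf": "# defaults\nkernel.kptr_restrict = 0\n",
    "/etc/sysctl.d/99-hardening.conf": "; set by remediation\nkernel/kptr_restrict=1\n",
}
# Constructed sample: the build host's kernel value, which an image build cannot change.
SAMPLE_RUNTIME = {"kernel.kptr_restrict": "0"}


def normalize(key):
    """Treat 'a/b' and 'a.b' as one key and drop the '-' (ignore errors) prefix."""
    return key.strip().lstrip("-").strip().replace("/", ".")


def configured_value(files, name):
    """Return the last value assigned to `name`, reading files in file-name order."""
    value = None
    for path in sorted(files, key=lambda p: p.rsplit("/", 1)[-1]):
        for line in files[path].splitlines():
            line = line.strip()
            # Skip blanks, '#' and ';' comments, and lines without an assignment.
            if not line or line[0] in "#;" or "=" not in line:
                continue
            key, _, val = line.partition("=")
            if normalize(key) == normalize(name):
                value = val.strip()
    return value


def evaluate(name, expected, files, runtime, check_runtime=True):
    """Return 'pass' or 'fail'; the runtime half is skipped when check_runtime is False."""
    config_ok = configured_value(files, name) == expected
    if not check_runtime:
        # Image build: only the persistent configuration is meaningful.
        return "pass" if config_ok else "fail"
    runtime_ok = runtime.get(normalize(name)) == expected
    return "pass" if config_ok and runtime_ok else "fail"


if __name__ == "__main__":
    for label, flag in (("both parts", True), ("configuration only", False)):
        result = evaluate("kernel.kptr_restrict", "1", SAMPLE_CONFIG, SAMPLE_RUNTIME, flag)
        print(f"{label}: {result}")
```

With both parts enabled the rule still fails after remediation because the kernel value is unchanged; with the runtime part suppressed, the result depends only on the configuration files that ship in the image.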

openshift-ci bot commented Oct 25, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jan-cerny jan-cerny added Image Mode Bootable containers and Image Mode RHEL and removed do-not-merge/work-in-progress Used by openshift-ci bot. labels Oct 25, 2024

codeclimate bot commented Oct 25, 2024

Code Climate has analyzed commit 1fc7fd7 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).
