Enhance OVAL check for applicability in bootc env #14027


Open
vojtapolasek wants to merge 4 commits into ComplianceAsCode:master from vojtapolasek:enhance_bootc_applicability


@vojtapolasek
Collaborator

Description:

  • check also for presence of /run/ostree-booted file
  • I made modifications to both OVAL files: one in shared/applicability/oval, another in shared/checks/oval. I am not sure when the shared/checks/oval/bootc.xml is used, but I think it is a good idea to keep them in sync

Rationale:

Review Hints:

Build content not including this PR:

  1. Run a RHEL VM, install rpm-ostree, bootc
  2. oscap xccdf eval --profile stig --rule xccdf_org.ssgproject.content_rule_enable_dracut_fips_module ssg-rhel9-ds.xml

This should result in "not applicable", although it should be applicable.

Build the content with this PR and repeat steps above.

The result will probably be "fail", but definitely not "not applicable".

vojtapolasek added this to the 0.1.79 milestone on Oct 17, 2025
vojtapolasek added the CPE-AL (CPE Applicability Language) label on Oct 17, 2025
vojtapolasek changed the title from "enhance OVAL check for applicability in bootc env" to "WIP: enhance OVAL check for applicability in bootc env" on Oct 17, 2025
openshift-ci bot added the do-not-merge/work-in-progress (Used by openshift-ci bot.) label on Oct 17, 2025
vojtapolasek marked this pull request as draft on October 17, 2025 13:26
vojtapolasek force-pushed the enhance_bootc_applicability branch from cc0d72d to dd8736e on November 4, 2025 13:55
vojtapolasek force-pushed the enhance_bootc_applicability branch from 3fd4564 to 117421d on November 5, 2025 14:04
vojtapolasek marked this pull request as ready for review on November 5, 2025 14:13
@vojtapolasek
Collaborator, Author

I added the Bash and Ansible conditional. Both confirmed with SMEs and also manually checked on regular vs bootc system. They work.
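
An added illustration of the detection change discussed in this PR (not the Bash conditional from the PR itself): a package-only check beside one that also requires `/run/ostree-booted`, showing how the first turns a regular host into a false bootc match and so into "not applicable" results. It assumes the earlier check keyed on the rpm-ostree and bootc packages, as the review hints imply; the package-list argument and root prefix are hypothetical hooks so the logic runs against a constructed tree instead of a live host.

```shell
# Added example; function names, PKGLIST and ROOT are hypothetical.

# pkg_installed NAME PKGLIST -> 0 if NAME is in the space-separated PKGLIST.
# On a live system this lookup would be `rpm -q --quiet NAME`.
pkg_installed() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Package-only detection (assumed earlier behaviour): true as soon as both
# packages are installed, even on a host that was not booted via ostree.
is_bootc_packages_only() {
    pkg_installed rpm-ostree "$1" && pkg_installed bootc "$1"
}

# Packages plus the runtime marker file named in the PR description.
# The optional second argument is a root prefix for offline testing.
is_bootc_with_marker() {
    is_bootc_packages_only "$1" && [ -e "${2:-}/run/ostree-booted" ]
}

# classify PKGLIST [ROOT] -> prints how each check judges the host.
classify() {
    old=no; new=no
    if is_bootc_packages_only "$1"; then old=yes; fi
    if is_bootc_with_marker "$1" "${2:-}"; then new=yes; fi
    echo "packages_only=$old with_marker=$new"
}

# Constructed demo: a regular host that merely has the packages installed.
demo=$(mktemp -d)
mkdir -p "$demo/run"
classify "kernel rpm-ostree bootc" "$demo"
rm -rf "$demo"
```
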

vojtapolasek changed the title from "WIP: enhance OVAL check for applicability in bootc env" to "Enhance OVAL check for applicability in bootc env" on Nov 5, 2025
openshift-ci bot removed the do-not-merge/work-in-progress (Used by openshift-ci bot.) label on Nov 5, 2025
@openshift-ci

@vojtapolasek: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-openshift-platform-compliance | 117421d | link | true | /test e2e-aws-openshift-platform-compliance |
| ci/prow/e2e-aws-openshift-node-compliance | 117421d | link | true | /test e2e-aws-openshift-node-compliance |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.


Development

Successfully merging this pull request may close these issues.

Bootc detection easily matches non-bootc systems
