Merge pull request #2171 from matusmarhefka/bootc_sebool_sce

Extend oscap-bootc to install SCE dependencies
OpenSCAP · Nov 4, 2024 · a7eb860 · a7eb860
2 parents 298d612 + 391d736
commit a7eb860
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/utils/oscap-bootc b/utils/oscap-bootc
@@ -61,6 +61,19 @@ def ensure_sce_installed():
             "installed.")
 
 
+def install_sce_dependencies():
+    required_packages = [
+        "setools-console"  # seinfo is used by the sebool template
+    ]
+    install_cmd = ["dnf", "-y", "install"] + required_packages
+    install_process = subprocess.run(
+        install_cmd, universal_newlines=True,
+        stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+    if install_process.returncode != 0:
+        raise RuntimeError(
+            f"{install_process.stdout}\nFailed to install SCE dependencies.")
+
+
 def add_args(option_args_list, cmd):
     for o, a in option_args_list:
         if a:
@@ -112,6 +125,7 @@ def scan_and_remediate(args):
 def main():
     args = parse_args()
     ensure_sce_installed()
+    install_sce_dependencies()
     pre_scan_fix(args)
     scan_and_remediate(args)