Pass OSCAP_BOOTC_BUILD to remediations #2170
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I have rebased this PR on the top of the latest upstream maint-1.3 branch. |
Starting with this commit, the OSCAP_BOOTC_BUILD environment variable will be passed down to the bash remediation. If this environment variable is set in the caller environment, the Bash remediations will be able to access it and read its value. This will be useful because the bash remediations will be able to contain a condition depending on this variable. Using this feature we can influence the behavior of our Bash remediations in the process of building bootable container images. The `oscap-bootc` utility will export the `OSCAP_BOOTC_BUILD` environment variable and the Bash remeditions will check this variable and for example they will not start systemd services. This commit also adds a small test.
|
I have rebased this PR on the top of the latest upstream maint-1.3 branch. |
matusmarhefka
approved these changes
Oct 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Starting with this commit, the OSCAP_BOOTC_BUILD environment variable will be passed down to the bash remediation. If this environment variable is set in the caller environment, the Bash remediations will be able to access it and read its value. This will be useful because the bash remediations will be able to contain a condition depending on this variable. Using this feature we can influence the behavior of our Bash remediations in the process of building bootable container images. The
oscap-bootcutility will export theOSCAP_BOOTC_BUILDenvironment variable and the Bash remeditions will check this variable and for example they will not start systemd services.This commit also adds a small test.