From 0e91e73b3fc5e5c50960b0bf277fb72691b936f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Mon, 13 Jan 2025 10:34:51 +0100 Subject: [PATCH] Mark /boot rules as not applicable in bootable containers We will mark rules that checks files in the `/boot/grub2/` directory as not applicable in the bootable containers. The reason is that these files don't exist during the container image build. They are generated from configuration during deployment of the image by the bootc toolset. --- .../bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml | 1 + .../bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml | 1 + .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 1 + .../bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml | 1 + .../non-uefi/file_permissions_grub2_cfg/rule.yml | 1 + .../bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml | 1 + 6 files changed, 6 insertions(+) diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index fea605a8699..57897b249d8 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -50,6 +50,7 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }} srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}' +platform: not bootc template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml index 038ae369e6e..cafcc6d946b 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml @@ -44,6 +44,7 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }} srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}}' +platform: not bootc template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index 2bbb3449f7e..6691145cf70 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -46,6 +46,7 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", own ocil: |- {{{ ocil_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}} +platform: not bootc template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml index 9d55b3ded1e..b4f7e80ba4c 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml @@ -39,6 +39,7 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/user.cfg", own ocil: |- {{{ ocil_file_owner(file=grub2_boot_path ~ "/user.cfg", owner="root") }}} +platform: not bootc template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index 9bd39315826..93882cdd694 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -46,6 +46,7 @@ ocil: |- If properly configured, the output should indicate the following permissions: -rw------- +platform: not bootc template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml index 55653bd8c6d..16aef47e2ae 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml @@ -35,6 +35,7 @@ ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_boot_path ~ "/user.cfg ocil: |- {{{ ocil_file_permissions(file=grub2_boot_path ~ "/user.cfg", perms="-rw-------") }}} +platform: not bootc template: name: file_permissions