Prevent false negative results

With this change will will ensure that the rule will not pass if we are in RHEL Image mode and we have configuration for the classic RHEL mode set in place.
ComplianceAsCode · Dec 19, 2024 · 4077a0e · 4077a0e
1 parent 6626b2d
commit 4077a0e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/shared/templates/grub2_bootloader_argument/oval.template b/shared/templates/grub2_bootloader_argument/oval.template
@@ -38,6 +38,9 @@
     {{{ oval_metadata("Ensure " + ARG_NAME_VALUE + " is configured in the kernel line in /etc/default/grub.") }}}
     <criteria operator="OR">
     <criteria operator="AND">
+      {{% if bootable_containers_supported == "true" %}}
+        <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" negate="true" />
+      {{% endif %}}
       {{% if system_with_expanded_kernel_options_in_loader_entries_or_with_options_in_grubenv %}}
       <criterion test_ref="test_grub2_{{{ SANITIZED_ARG_NAME }}}_entries_expanded_or_referenced"
       comment="Check /boot/loader/entries/*.conf files if they contain direct reference to {{{ ARG_NAME_VALUE }}} or if they contain $kernelopts" />
@@ -111,7 +114,7 @@
     </criteria>
     {{% if bootable_containers_supported == "true" %}}
       <criteria operator="AND">
-        <extend_definition comment="The system is RHEL Image Mode"  definition_ref="bootc" />
+        <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" />
         <criterion comment="The {{{ ARG_NAME_VALUE }}} is present in the /usr/lib/bootc/kargs.d/*.toml files"  test_ref="test_grub2_{{{ SANITIZED_ARG_NAME }}}_usr_lib_bootc_kargs_d" />
       </criteria>
     {{% endif %}}

diff --git a/shared/templates/grub2_bootloader_argument_absent/oval.template b/shared/templates/grub2_bootloader_argument_absent/oval.template
@@ -34,6 +34,9 @@
     {{{ oval_metadata("Ensure " + ARG_NAME + " is not set in the kernel line in /etc/default/grub.") }}}
     <criteria operator="OR">
     <criteria operator="AND">
+      {{% if bootable_containers_supported == "true" %}}
+        <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" negate="true" />
+      {{% endif %}}
       {{% if system_with_kernel_options_in_grubenv -%}}
       {{% if system_with_bios_and_uefi_support -%}}
       <criteria operator="OR">