Merge pull request #12531 from jan-cerny/bootc_bash_remediation_condi…

…tions Add special conditions for bootable containers
ComplianceAsCode · Oct 25, 2024 · 4804243 · 4804243
2 parents 3b3fe36 + 0834570
commit 4804243
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
@@ -1,3 +1,8 @@
 # platform = multi_platform_all
-systemctl disable --now ctrl-alt-del.target
-systemctl mask --now ctrl-alt-del.target
+if {{{ bash_bootc_build() }}} ; then
+    systemctl disable ctrl-alt-del.target
+    systemctl mask ctrl-alt-del.target
+else
+    systemctl disable --now ctrl-alt-del.target
+    systemctl mask --now ctrl-alt-del.target
+fi
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
@@ -2517,3 +2517,19 @@ mkdir -p /etc/dconf/db/{{{ database }}}.d
 chmod -R u=rwX,go=rX /etc/dconf/profile
 (umask 0022 && dconf update)
 {{%- endmacro -%}}
+
+{{#
+This macro defines a conditional expression that is evaluated as true
+if the remediation is performed during a build of a bootable container image.
+#}}
+{{%- macro bash_bootc_build() -%}}
+[[ "$OSCAP_BOOTC_BUILD" == "YES" ]]
+{{%- endmacro -%}}
+
+{{#
+This macro defines a conditional expression that is evaluated as true
+if the remediation is not performed during a build of a bootable container image.
+#}}
+{{%- macro bash_not_bootc_build() -%}}
+[[ "$OSCAP_BOOTC_BUILD" != "YES" ]]
+{{%- endmacro -%}}