test/cases: Add workaround for oscap firewalld rules

The oscap remediation is failing due to an issue with remediating the firewall loopback traffic. The remediation fails and bails out early resulting in a lower score and causing a regression in the test. This will need to be fixed on the OpenSCAP side, so as a workaround, we can remove this rule from the remediation.
osbuild · Nov 24, 2023 · c77b73a · c77b73a
1 parent 5b19bd6
commit c77b73a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/test/cases/oscap.sh b/test/cases/oscap.sh
@@ -362,6 +362,8 @@ clean_up
 ###############################
 
 # Write a blueprint for hardened image.
+# TODO: Remove firewalld rules from tailoring once https://github.com/ComplianceAsCode/content/issues/11275 is fixed
+# COMPOSER-2076 is tracking this workaround
 tee "${BLUEPRINT_FILE}" > /dev/null << EOF
 name = "hardened"
 description = "A hardened OpenSCAP image"
@@ -373,7 +375,7 @@ groups = []
 profile_id = "${PROFILE}"
 datastream = "${DATASTREAM}"
 [customizations.openscap.tailoring]
-unselected = ["grub2_password"]
+unselected = ["grub2_password", "firewalld_loopback_traffic_restricted", "firewalld_loopback_traffic_trusted"]
 
 [[customizations.user]]
 name = "${SSH_USER}"