From c77b73a8881a5d82ec50642e2747ab7ede061c94 Mon Sep 17 00:00:00 2001
From: Jakub Rusz
Date: Fri, 24 Nov 2023 13:05:31 +0100
Subject: [PATCH] test/cases: Add workaround for oscap firewalld rules

The oscap remediation is failing due to an issue with remediating the firewall loopback traffic. The remediation fails and bails out early resulting in a lower score and causing a regression in the test. This will need to be fixed on the OpenSCAP side, so as a workaround, we can remove this rule from the remediation.
---
 test/cases/oscap.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/cases/oscap.sh b/test/cases/oscap.sh
index 8044f070fe..823be11b0a 100755
--- a/test/cases/oscap.sh
+++ b/test/cases/oscap.sh
@@ -362,6 +362,8 @@ clean_up
 ###############################
 # Write a blueprint for hardened image.
+# TODO: Remove firewalld rules from tailoring once https://github.com/ComplianceAsCode/content/issues/11275 is fixed
+# COMPOSER-2076 is tracking this workaround
 tee "${BLUEPRINT_FILE}" > /dev/null << EOF
 name = "hardened"
 description = "A hardened OpenSCAP image"
@@ -373,7 +375,7 @@ groups = []
 profile_id = "${PROFILE}"
 datastream = "${DATASTREAM}"
 [customizations.openscap.tailoring]
-unselected = ["grub2_password"]
+unselected = ["grub2_password", "firewalld_loopback_traffic_restricted", "firewalld_loopback_traffic_trusted"]
 [[customizations.user]]
 name = "${SSH_USER}"
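Review bot: The two firewalld rules added to `unselected` in the second hunk are dropped unconditionally, for whatever `${PROFILE}` and `${DATASTREAM}` the test is run with, so the hardened image is no longer remediated or scored for loopback traffic restriction on any target, including any where the upstream remediation may already work. The only record of why sits in the shell comment above the `tee` in the first hunk, several lines away from the list and absent from the generated blueprint. Since the heredoc body is TOML, a comment line directly above the list would keep the reason next to the exclusion, e.g. `# workaround: ComplianceAsCode/content#11275, tracked in COMPOSER-2076; remove once fixed`. The score comparison itself is outside the hunk, so it is worth confirming it would flag these rules still being unselected once the upstream fix lands; if it only checks for a score drop, the exclusion could stay in place unnoticed. The heredoc starts in the first hunk and continues past the end of the second.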