Create a product property for bootable containers

Promote the variable `bootable_containers_supported` to a product
property. By default, bootable containers won't be supported.
The RHEL 9 and 10 products will support bootable containers.
This variable can be used at build time in many types of the
code.

products/rhel10/product.yml

@@ -21,6 +21,7 @@ init_system: "systemd"
 # EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
 
 sshd_distributed_config: "true"
+bootable_containers_supported: "true"
 
 dconf_gdm_dir: "distro.d"
 

products/rhel9/product.yml

@@ -25,6 +25,7 @@ groups:
     name: ssh_keys
 
 sshd_distributed_config: "true"
+bootable_containers_supported: "true"
 
 dconf_gdm_dir: "distro.d"
 

shared/templates/grub2_bootloader_argument/oval.template

@@ -12,7 +12,6 @@
 {{% set system_with_kernel_options_in_etc_default_grub_d = false -%}}
 {{% set system_with_expanded_kernel_options_in_grub_cfg = false -%}}
 {{% set system_with_bios_and_uefi_support = false -%}}
-{{% set bootable_containers_supported = false %}}
 
 {{% if product in ["fedora", "ol9", "rhel9", "rhel10"] -%}}
 {{% set system_with_expanded_kernel_options_in_loader_entries = true %}}
@@ -34,10 +33,6 @@
 {{% set system_with_bios_and_uefi_support = true %}}
 {{%- endif -%}}
 
-{{% if product in ["rhel9", "rhel10"] -%}}
-{{% set bootable_containers_supported = true %}}
-{{%- endif -%}}
-
 <def-group>
   <definition class="compliance" id="{{{ _RULE_ID }}}" version="2">
     {{{ oval_metadata("Ensure " + ARG_NAME_VALUE + " is configured in the kernel line in /etc/default/grub.") }}}
@@ -114,7 +109,7 @@
         </criteria>
       {{%- endif %}}
     </criteria>
-    {{% if bootable_containers_supported %}}
+    {{% if bootable_containers_supported == "true" %}}
       <criteria operator="AND">
         <extend_definition comment="The system is RHEL Image Mode"  definition_ref="bootc" />
         <criterion comment="The {{{ ARG_NAME_VALUE }}} is present in the /usr/lib/bootc/kargs.d/*.toml files"  test_ref="test_grub2_{{{ SANITIZED_ARG_NAME }}}_usr_lib_bootc_kargs_d" />
@@ -319,7 +314,7 @@
   <external_variable comment="Variable defining the value the argument should have" datatype="string" id="{{{ ARG_VARIABLE }}}" version="1" />
 {{% endif %}}
 
-{{% if bootable_containers_supported %}}
+{{% if bootable_containers_supported == "true" %}}
   <ind:textfilecontent54_test id="test_grub2_{{{ SANITIZED_ARG_NAME }}}_usr_lib_bootc_kargs_d"
                               comment="check kernel command line parameters for {{{ ARG_NAME_VALUE }}} for all boot entries."
                               check="at least one" check_existence="at_least_one_exists" version="1">

ssg/constants.py

@@ -457,6 +457,7 @@
 DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/'
 DEFAULT_AUDISP_CONF_PATH = '/etc/audit'
 DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE = 'false'
+DEFAULT_BOOTABLE_CONTAINERS_SUPPORTED = 'false'
 
 
 # Constants for OVAL object model

ssg/products.py

@@ -20,6 +20,7 @@
                         DEFAULT_AUDISP_CONF_PATH,
                         DEFAULT_FAILLOCK_PATH,
                         DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE,
+                        DEFAULT_BOOTABLE_CONTAINERS_SUPPORTED,
                         PKG_MANAGER_TO_SYSTEM,
                         PKG_MANAGER_TO_CONFIG_FILE,
                         XCCDF_PLATFORM_TO_PACKAGE,
@@ -115,6 +116,9 @@ def _get_implied_properties(existing_properties):
     if "sysctl_remediate_drop_in_file" not in existing_properties:
         result["sysctl_remediate_drop_in_file"] = DEFAULT_SYSCTL_REMEDIATE_DROP_IN_FILE
 
+    if "bootable_containers_supported" not in existing_properties:
+        result["bootable_containers_supported"] = DEFAULT_BOOTABLE_CONTAINERS_SUPPORTED
+
     return result
 
 

tests/data/product_stability/alinux2.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: ALINUX-2
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/alinux3.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: ALINUX-3
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/anolis23.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: ANOLIS-23
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/anolis8.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: ANOLIS-8
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/chromium.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: CHROMIUM
 benchmark_root: ./guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/debian11.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: DEBIAN-11
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/debian12.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: DEBIAN-12
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/chrony.d/
 cpes:

tests/data/product_stability/eks.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: EKS
 benchmark_root: ../../applications
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/example.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: EXAMPLE
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 components_root: ../../components

tests/data/product_stability/fedora.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: FEDORA
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 components_root: ../../components

tests/data/product_stability/firefox.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: FIREFOX
 benchmark_root: ./guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/macos1015.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: macOS-1015
 benchmark_root: ../../apple_os/
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/ocp4.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OCP-4
 benchmark_root: ../../applications
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/ol7.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OL-7
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/ol8.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OL-8
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/ol9.yml

@@ -10,6 +10,7 @@ auxiliary_key_fingerprint: 982231759C7467065D0CE9B2A7DD07088B4EFBE6
 basic_properties_derived: true
 benchmark_id: OL-9
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/openembedded.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OPENEMBEDDED
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/opensuse.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: OPENSUSE
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/rhcos4.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: RHCOS-4
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/rhel8.yml

@@ -10,6 +10,7 @@ auxiliary_key_fingerprint: 6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792
 basic_properties_derived: true
 benchmark_id: RHEL-8
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 centos_major_version: '8'
 centos_pkg_release: 5ccc5b19
 centos_pkg_version: 8483c65d

tests/data/product_stability/rhel9.yml

@@ -10,6 +10,7 @@ auxiliary_key_fingerprint: 7E4624258C406535D56D6F135054E4A45A6340B3
 basic_properties_derived: true
 benchmark_id: RHEL-9
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'true'
 centos_major_version: '9'
 centos_pkg_release: 5ccc5b19
 centos_pkg_version: 8483c65d

tests/data/product_stability/rhv4.yml

@@ -10,6 +10,7 @@ auxiliary_key_fingerprint: 6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792
 basic_properties_derived: true
 benchmark_id: RHV-4
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/sle12.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: SLE-12
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/sle15.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: SLE-15
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony.conf
 chrony_d_path: /etc/chrony.d/
 cpes:

tests/data/product_stability/ubuntu1604.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: UBUNTU-XENIAL
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/conf.d/
 cpes:

tests/data/product_stability/ubuntu1804.yml

@@ -7,6 +7,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: UBUNTU-BIONIC
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/conf.d/
 cpes:

tests/data/product_stability/ubuntu2004.yml

@@ -8,6 +8,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: UBUNTU_20-04
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/conf.d/
 cpes:

tests/data/product_stability/ubuntu2204.yml

@@ -8,6 +8,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: UBUNTU_22-04
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/conf.d/
 cpes:

tests/data/product_stability/ubuntu2404.yml

@@ -8,6 +8,7 @@ auid: 1000
 basic_properties_derived: true
 benchmark_id: UBUNTU_24-04
 benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
 chrony_conf_path: /etc/chrony/chrony.conf
 chrony_d_path: /etc/chrony/conf.d/
 components_root: ../../components