Re-enable runtime check on network related sysctls

[yuumasato]

Description:

• Re-add the syctl runtime checks to test OCPBUGS-19690: Enable host network to access host sysctls compliance-operator#497

Rationale:

• It seems taht when CO's "scanner" pod has "HostNetwork" option set to true, these sysctls are visible with values matching Host syctls.

• Fixes https://issues.redhat.com/browse/OCPBUGS-19690

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11722
This image was built from commit: 00023fb

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11722

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11722 make deploy-local

[yuumasato]

This is ready for reviews, the fix on Compliance Operator side works.

[xiaojiey]

/lgtm
As this PR has been verified in ComplianceAsCode/compliance-operator#497.

[jan-cerny]

@rhmdnd @Vincent056 Any volunteers?

@yuumasato You'll probably have to rebase this to resolve the CI checks.

[Vincent056]

/lgtm

[yuumasato]

I can rebase the PR, but I'd rather have this one merged after ComplianceAsCode/compliance-operator#497
CC: @Vincent056 @rhmdnd

[yuumasato]

Rebased after merge of ComplianceAsCode/compliance-operator#497
CC: @Vincent056 @rhmdnd

[codeclimate]

Code Climate has analyzed commit 00023fb and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.4% (0.0% change).

View more on Code Climate.

[Vincent056]

/lgtm

[rhmdnd]

/test

[rhmdnd]

/test e2e-aws-rhcos4-high

We should be able to exercise this in the e2e suite now that ComplianceAsCode/compliance-operator#497 landed and should be available through the latest container images in the upstream container registry.

[rhmdnd]

/test e2e-aws-rhcos4-high

[rhmdnd]

/lgtm

e2e assertions worked as expected:

    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-all-accept-ra matched expected result
    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-all-accept-redirects matched expected result
    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-all-accept-source-route matched expected result
    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-default-accept-ra matched expected result
    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-default-accept-redirects matched expected result
    helpers.go:872: Result - Name: e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route - Status: PASS - Severity: medium
    helpers.go:1060: Rule e2e-high-worker-sysctl-net-ipv6-conf-default-accept-source-route matched expected result