Skip to content

Commit

Permalink
Add option to run particular oscap binary to the oscap-podman wrapper
Browse files Browse the repository at this point in the history
  • Loading branch information
@evgenyz
evgenyz committed Aug 12, 2019
1 parent f6f9767 commit f47770c
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 5 deletions.
11 changes: 8 additions & 3 deletions utils/oscap-podman
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,21 +28,26 @@ function usage()
echo "oscap-podman -- Tool for SCAP evaluation of Podman images and containers."
echo
echo "Compliance scan of Podman image:"
echo "$ sudo oscap-podman IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]"
echo "$ sudo oscap-podman [--oscap=<OSCAP_BINARY>] IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]"
echo
echo "Compliance scan of Podman container:"
echo "$ sudo oscap-podman CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]"
echo "$ sudo oscap-podman [--oscap=<OSCAP_BINARY>] CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]"
echo
echo "See \`man oscap\` to learn more about semantics of OSCAP_ARGUMENT options."
}

OSCAP_BINARY=oscap

if [ $# -lt 1 ]; then
echo "No arguments provided."
usage
die
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
usage
die
elif [[ "$1" == --oscap=* ]] && [ $# -gt 2 ]; then
OSCAP_BINARY=${1#"--oscap="}
shift
elif [ "$#" -gt 1 ]; then
true
else
Expand Down Expand Up @@ -81,7 +86,7 @@ export OSCAP_PROBE_ARCHITECTURE="$(uname --hardware-platform)"
export OSCAP_EVALUATION_TARGET="$TARGET"
shift 1

oscap "$@"
$OSCAP_BINARY "$@"
EXIT_CODE=$?
podman umount $ID > /dev/null || die
if [ $CLEANUP -eq 1 ]; then
Expand Down
4 changes: 2 additions & 2 deletions utils/oscap-podman.8
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@ This script cannot run in rootless mode.
Usage of the tool mimics usage and options of oscap(8) tool.

.SS Compliance scan of Podman container image:
oscap-podman IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
oscap-podman [--oscap=<OSCAP_BINARY>] IMAGE_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]

.SS Compliance scan of Podman container:
oscap-podman CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]
oscap-podman [--oscap=<OSCAP_BINARY>] CONTAINER_NAME OSCAP_ARGUMENT [OSCAP_ARGUMENT...]

Refer to oscap(8) to learn about OSCAP_ARGUMENT options.

Expand Down

0 comments on commit f47770c

Please sign in to comment.