add cap_system_chroot capability to Automatus podman container #10246

vojtapolasek
Collaborator

Description:

  • extend command line parameters when running podman container by Automatus in container rule mode

Rationale:

recent changes made it impossible to login to a podman container with sshd running without giving this capability to it

Review Hints:

  • install RHEL 8.8 machine with the latest compose
  • ./build_product rhel8
  • cd tests
  • ./build_test_container.sh --flavor rhel8
  • python3.8 automatus.py rule --container ssg_test_suite configure_ssh_crypto_policy

@vojtapolasek vojtapolasek added the Test Suite Update in Test Suite. label Feb 22, 2023
@vojtapolasek vojtapolasek added this to the 0.1.67 milestone Feb 22, 2023
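
An added example, not part of this pull request or of the project's code: one way to check, from inside the test container, whether a process such as sshd holds the Linux chroot capability, `CAP_SYS_CHROOT` (bit 18 in `linux/capability.h`), by decoding the capability masks in `/proc/<pid>/status`. The function names and the two sample status texts are constructed for illustration.

```python
import re
import sys

CAP_SYS_CHROOT = 18  # bit index from linux/capability.h

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def parse_cap_masks(status_text):
    """Return {'CapEff': int, ...} from the text of /proc/<pid>/status."""
    masks = {}
    for line in status_text.splitlines():
        match = _CAP_LINE.match(line)
        if match:
            masks[match.group(1)] = int(match.group(2), 16)
    return masks


def has_cap(mask, cap=CAP_SYS_CHROOT):
    """True if bit `cap` is set in the capability mask."""
    return bool((mask >> cap) & 1)


def chroot_report(status_text):
    """Report whether chroot(2) is permitted now (CapEff) and whether it can
    still be acquired (CapBnd). Raises ValueError on a truncated status file."""
    masks = parse_cap_masks(status_text)
    missing = [name for name in ("CapEff", "CapBnd") if name not in masks]
    if missing:
        raise ValueError("status text lacks " + ", ".join(missing))
    return {"effective": has_cap(masks["CapEff"]),
            "bounding": has_cap(masks["CapBnd"])}


# Constructed sample masks (not taken from the pull request): the same
# capability set with and without bit 18.
WITH_CHROOT = "Name:\tsshd\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
WITHOUT_CHROOT = "Name:\tsshd\nCapEff:\t00000000a80025fb\nCapBnd:\t00000000a80025fb\n"

if __name__ == "__main__":
    # Usage: python3 capcheck.py [pid]   (defaults to the current process)
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as handle:
        print(chroot_report(handle.read()))
```

A `bounding` value of `False` means the container was started without the capability, so no process inside it can obtain it.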
@vojtapolasek
Collaborator Author

The mypy tests are failing on F37 and Rawhide. I think this is not related to changes proposed in this PR.

…omatus in container mode

recent changes made it impossible to login to a podman container with sshd running without giving this capability to it
@vojtapolasek vojtapolasek force-pushed the fix_automatus_container_scanning_chroot branch from 584a61b to a9dd2a7 Compare February 23, 2023 12:31
@codeclimate
codeclimate bot commented Feb 23, 2023

Code Climate has analyzed commit a9dd2a7 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.7% (0.0% change).

@jan-cerny jan-cerny self-assigned this Feb 23, 2023
@jan-cerny
Collaborator

@vojtapolasek I tried to reproduce the steps in the review hints, I'm on the latest RHEL 8.8 VM, but I got stuck unexpectedly, I got this weird error:

[user@localhost tests]$ python3 automatus.py rule --container ssg_test_suite configure_ssh_crypto_policy
Setting console output to log level INFO
INFO - The base image option has been specified, choosing Podman-based test environment.
INFO - Logging into /home/user/content/tests/logs/rule-custom-2023-02-23-1635/test_suite.log
ERROR - Terminating due to error: Error loading a Rule from /home/user/content/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml: Error extracting macro definitions from '01-general.jinja': ../shared/macros/01-general.jinja.
WARNING - Nothing has been tested!

It's unrelated to this PR because it happens also with the current master branch, but I was wondering if I can verify it. Have you ever encountered a problem like that?

@vojtapolasek
Collaborator Author

@jan-cerny I have encountered this as well. You have to install python38-jinja2 and python38-pyyaml and use python3.8 to run automatus.

@jan-cerny
Collaborator

@vojtapolasek Thanks for the hint! I missed the Python 3.8 fact. Now I was able to successfully reproduce the problem in RHEL 8.8 VM and I confirm that this patch fixes this problem. My concern now is: Is it somewhere tracked that Automatus works only with a non-default version of Python on RHEL 8? Specifically Python 3.8? If not, can you file a ticket about it?

@vojtapolasek
Collaborator Author

@jan-cerny I have created this issue to track it: #10267

Collaborator

@jan-cerny jan-cerny left a comment

thanks for your report

@jan-cerny jan-cerny merged commit 8ba2120 into ComplianceAsCode:master Feb 28, 2023