From f8a0053f35203552fce36d5c9fdddadad0a31001 Mon Sep 17 00:00:00 2001
From: Ricardo Branco <rbranco@suse.de>
Date: Tue, 26 Mar 2024 16:13:13 +0100
Subject: [PATCH] pc: Add swap unconditionally to hardened tests

---
 tests/publiccloud/img_proof.pm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/tests/publiccloud/img_proof.pm b/tests/publiccloud/img_proof.pm
index 32a6de9acfe8..73b2929f2e52 100644
--- a/tests/publiccloud/img_proof.pm
+++ b/tests/publiccloud/img_proof.pm
@@ -63,6 +63,24 @@ sub run {
         $instance->ssh_assert_script_run('sudo systemctl restart sshd');
     }
 
+    if (is_hardened) {
+        # Workaround for https://github.com/OpenSCAP/openscap/issues/1796
+        my $swap_file = "/swapfile";
+        my $fstype = $instance->ssh_script_output(cmd => 'findmnt -no fstype /');
+        # Follow steps in https://btrfs.readthedocs.io/en/latest/Swapfile.html
+        my @cmds;
+        push(@cmds, "btrfs subvolume create $swap_file") if ($fstype eq "btrfs");
+        push(@cmds, "truncate -s 0 $swap_file");
+        push(@cmds, "chattr +C $swap_file") if ($fstype eq "btrfs");
+        push(@cmds, "fallocate -l 4G $swap_file");
+        push(@cmds, "chmod 600 $swap_file");
+        push(@cmds, "mkswap $swap_file");
+        push(@cmds, "swapon -v $swap_file");
+        foreach my $cmd (@cmds) {
+            $instance->ssh_assert_script_run("sudo $cmd");
+        }
+    }
+
     my $img_proof = $provider->img_proof(
         instance => $instance,
         tests => $tests,