  1. Security Data
  2. SECDATA-36

OVAL streams for kernel in RHEL 7/RHEL 7 alt are overlapping


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Normal
    • oval
    • SECDATA-216 - SDEngine Backlog

      Expected Results:

      See CLOUDWF-3830 for some background.

      OVAL tests in the rhel-7-alt stream for the kernel-alt package are being triggered when used on systems/containers which are RHEL 7 only but are using the ppc64le arch.

      The underlying reasons are these:

      • rhel-7-alt uses the same CPE as ordinary RHEL 7 streams
      • ppc64le kernels are shipped in ordinary RHEL 7
      • ppc64le kernel-alt is shipped in RHEL-7-ALT
      • binary packages of the kernel-alt package are named the same as ordinary kernel packages (i.e. not kernel-alt-XXX)

      Due to the above reasons, OVAL checks generated for the RHEL 7 ALT stream actually return true on an ordinary RHEL 7 system with ppc64le arch.

      kernel-alt provides 4.x kernels that are more up to date. We might be able to use this information to hardcode an additional (semi-hacky) test which will verify that the kernel version is at least 4.0. We might explore other options for making sure the tests only return true on RHEL 7 ALT installations and not otherwise.

      Ideally, we'd never have shipped binary packages with the same name into the same CPE. But that ship has sailed, unfortunately.

      Business Justification:

      It's not clear how else scanners would filter out/exclude these advisories when scanning RHEL 7 systems on alternative architectures.

      Additional info:

      It's not clear our tests will help Clair, since it's not really using an OVAL parser but implements its own over OVAL comments. Double check they also handle "higher than" rpm version tests somehow.

            Assignee: Unassigned
            Reporter: Stanislav Ochotnicky (rhn-engineering-sochotni, Inactive)
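The overlap and the proposed kernel-version floor, as an added example (not code from the issue or from the OVAL generator): a simplified model of the rhel-7-alt criteria evaluated against an ordinary RHEL 7 ppc64le system and two RHEL 7 ALT systems. The CPE placeholder, package versions and function names are constructed for illustration, and the comparison is a reduced rpmvercmp without tilde/caret handling.

```python
import re

SHARED_CPE = "RHEL7_CPE_PLACEHOLDER"  # placeholder: both streams use the same CPE

def rpmvercmp(a, b):
    """Reduced rpmvercmp: compare alternating numeric/alpha segments."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alpha one
        if x != y:
            return 1 if x > y else -1
    # whichever side still has segments left is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def alt_stream_check(system, fixed):
    """Criteria as described in the issue: shared CPE AND kernel earlier than the kernel-alt fix."""
    return system["cpe"] == SHARED_CPE and evr_cmp(system["kernel"], fixed) < 0

def alt_stream_check_with_floor(system, fixed, floor="4.0"):
    """Same criteria plus the proposed extra test: installed kernel version is at least 4.0."""
    return alt_stream_check(system, fixed) and rpmvercmp(system["kernel"][1], floor) >= 0

# Constructed sample data (not real advisory versions).
FIXED = (0, "4.14.0", "115.el7a")
ORDINARY_PPC64LE = {"cpe": SHARED_CPE, "kernel": (0, "3.10.0", "957.el7")}
ALT_VULNERABLE = {"cpe": SHARED_CPE, "kernel": (0, "4.14.0", "49.el7a")}
ALT_PATCHED = {"cpe": SHARED_CPE, "kernel": (0, "4.14.0", "115.el7a")}

if __name__ == "__main__":
    for name, s in [("ordinary", ORDINARY_PPC64LE), ("alt-vuln", ALT_VULNERABLE),
                    ("alt-patched", ALT_PATCHED)]:
        print(name, alt_stream_check(s, FIXED), alt_stream_check_with_floor(s, FIXED))
```

A scanner that only understands "earlier than" comparisons cannot evaluate the floor test, which is the concern raised above about parsers that do not implement full OVAL.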