fix: add mlnx_qos to daemon stig images

[almaslennikov]

No description provided.

[greptile-apps]

Greptile Overview

Greptile Summary

Adds doca-roce-userspace package to both RHEL and Ubuntu STIG daemon images to provide QoS functionality via the mlnx_qos tool.

Key Changes:

• RHEL: Adds rdma-core-devel installation with --nodeps --force, adds doca-roce-userspace package, adds --allowerasing --best flags to DOCA installation, reorganizes RUN layers
• Ubuntu: Simply adds doca-roce-userspace to existing DOCA package installation

Issues Found:

• New use of --force flag on rdma-core-devel installation (line 60 in RHEL Dockerfile) can mask package conflicts and overwrite files

Confidence Score: 3/5

• Generally safe but contains risky package installation patterns that may cause runtime issues
• Ubuntu changes are clean, but RHEL introduces --force flag which can hide dependency issues and file conflicts. The --allowerasing flag may also remove critical packages unexpectedly.
• Pay close attention to Dockerfile.daemon.stig-rhel for the new --nodeps --force usage on rdma-core-devel

Important Files Changed

Filename	Overview
Dockerfile.daemon.stig-rhel	Adds doca-roce-userspace package and rdma-core-devel (with --nodeps --force), restructures package installation layers
Dockerfile.daemon.stig-ubuntu	Adds doca-roce-userspace package to DOCA installation, straightforward change

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Using --nodeps --force bypasses dependency checking and can lead to broken package installations or runtime issues. Consider documenting why this is necessary.

[greptile-apps]

The STIG hardening script has been commented out. Verify this doesn't compromise the security posture of the STIG image.

[greptile-apps]

_{2 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

--force flag can overwrite existing files and mask package conflicts