Add sysctl case for FFI

Test case will execute sysctl inside nested container running on top of QM

Jira-URL: https://issues.redhat.com/browse/VROOM-19309
Signed-off-by: weiwang <[email protected]>

Author: weiwang-linda

Diff for: tests/ffi/sysctl/main.fmf

@@ -0,0 +1,6 @@
+summary: Executing sysctl inside nested container running on top of QM
+test: /bin/bash ./test.sh
+duration: 20m
+tag: ffi
+framework: shell
+id: f615d356-9bf9-4de2-a007-7a99eca2bc48

Diff for: tests/ffi/sysctl/test.sh

@@ -0,0 +1,36 @@
+#!/bin/bash -euvx
+
+# shellcheck disable=SC1091
+
+. ../common/prepare.sh
+
+export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
+export QM_REGISTRY_DIR="/var/lib/containers/registry"
+
+disk_cleanup
+prepare_test
+reload_config
+
+exec_cmd "podman run -d --rm --replace -d --name ffi-asil \
+          quay.io/centos-sig-automotive/ffi-tools:latest  > /dev/null"
+
+image_id=$(podman images | grep quay.io/centos-sig-automotive/ffi-tools | awk -F " " '{print $3}')
+
+if [ -z $image_id ];then
+   if_error_exit "NO ffi-tools IMAGE!!!"
+   exit 1
+fi
+
+if [ ! -d "${QM_HOST_REGISTRY_DIR}" ]; then
+    exec_cmd "mkdir -p ${QM_HOST_REGISTRY_DIR}"
+    exec_cmd "podman push ${image_id} dir:${QM_HOST_REGISTRY_DIR}/ffi-tools:latest"
+fi
+
+sysctl_num=$(podman exec qm /bin/bash -c \
+               "podman run  --replace --name ffi-qm  dir:${QM_REGISTRY_DIR}/ffi-tools:latest \
+               ./setsysctl 2>&1" | grep -c "sysctl: permission denied on key")
+
+if [ $sysctl_num -ge 5 ];then
+   info_message "Attempt to change OS level are denied successfully inside QM container."
+   exit 0
+fi