[testsuite,19/24] ci: check for unconfined_t AVCs

Message ID 20220729120229.207584-20-omosnace@redhat.com (mailing list archive)
State Superseded
Delegated to: Ondrej Mosnáček
Series Clean up testsuite policy and support running as sysadm_t

Commit Message

Ondrej Mosnacek July 29, 2022, 12:02 p.m. UTC
These would likely signify a bug in the testsuite policy. Make sure
there are none.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 .github/workflows/checks.yml | 2 ++
 1 file changed, 2 insertions(+)

Patch

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 59076cb..96843e4 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -38,5 +38,7 @@  jobs:
         run: while ! vagrant ssh -- true; do sleep 1s; done
       - name: Run SELinux testsuite
         run: vagrant ssh -- sudo make -C /root/testsuite test
+      - name: Check unwanted denials
+        run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep unconfined_t'
       - name: Check .gitignore coverage
         run: test "$(vagrant ssh -- sudo git -C /root/testsuite ls-files -o --exclude-standard | wc -l)" -eq 0
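
Review bot: In the new "Check unwanted denials" step, the status that `!` negates is grep's alone, so if `sudo ausearch -m avc -i` itself fails inside the VM (for example the audit log cannot be read), grep sees empty input and the step passes exactly as if there were no denials. Consider capturing the ausearch output first, failing the step on an ausearch error other than "no matches", and only then running `grep unconfined_t` on the captured text. Two smaller points on the same line: the grep matches `unconfined_t` anywhere in the record, so it fires for the type as source or as target context, which deserves a one-line comment in the workflow if intended; and the search has no time bound, so any AVC logged before `make -C /root/testsuite test` started (during VM provisioning) will also fail the check, which a `-ts` start time taken just before the test step would avoid.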