From: Daan De Meyer Date: Wed, 8 Jan 2025 12:31:11 +0000 (+0100) Subject: TEST-06-SELINUX: Add knob to allow checking for AVCs X-Git-Tag: v258-rc1~1656^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de19520ec979902fd457515d1a795210fdaedf93;p=thirdparty%2Fsystemd.git TEST-06-SELINUX: Add knob to allow checking for AVCs When running the integration tests downstream, it's useful to be able to test that a new systemd version doesn't introduce any AVC denials, so let's add a knob to make that possible. --- diff --git a/test/README.md b/test/README.md index 396ac0ed32c..f880a984f1a 100644 --- a/test/README.md +++ b/test/README.md @@ -151,6 +151,16 @@ that make use of `run_testcases`. `TEST_SKIP_TESTCASE=testcase`: takes a space separated list of testcases to skip. +### SELinux AVCs + +To have `TEST-06-SELINUX` check for SELinux denials, write the following to +mkosi.local.conf: + +```conf +[Runtime] +KernelCommandLineExtra=systemd.setenv=TEST_SELINUX_CHECK_AVCS=1 +``` + ## Ubuntu CI New PRs submitted to the project are run through regression tests, and one set diff --git a/test/fmf/integration-tests/test.sh b/test/fmf/integration-tests/test.sh index effe4b2d6f5..be8d874dc4e 100755 --- a/test/fmf/integration-tests/test.sh +++ b/test/fmf/integration-tests/test.sh @@ -69,6 +69,13 @@ ToolsTreeDistribution=$ID ToolsTreeRelease=${VERSION_ID:-rawhide} EOF +if [[ -n "${TEST_SELINUX_CHECK_AVCS:-}" ]]; then + tee --append mkosi.local.conf <