During the test such denials may occur. Since they don't affect testing,
prevent them from being audited to have a cleaner AVC log.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
policy/test_global.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/test_global.te b/policy/test_global.te
index 91bddd8..7d399e6 100644
--- a/policy/test_global.te
+++ b/policy/test_global.te
@@ -66,6 +66,9 @@ optional_policy(`
# Needed for domains outside domain_type()
dontaudit testsuite_caller_domain testsuite_domain:process { noatsecure rlimitinh siginh };
+# keys test may trigger search AVCs for root's keys
+dontaudit testsuite_domain testsuite_caller_domain:key { search };
+
# Allow the test domains to access the sysadm terminal.
# This allows read and write sysadm ttys and ptys.
term_use_all_terms(testsuite_domain)
--
2.37.1
