These would likely signify a bug in the testsuite policy. Make sure
there are none.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
.github/workflows/checks.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 59076cb..96843e4 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -38,5 +38,7 @@ jobs:
run: while ! vagrant ssh -- true; do sleep 1s; done
- name: Run SELinux testsuite
run: vagrant ssh -- sudo make -C /root/testsuite test
+ - name: Check unwanted denials
+ run: vagrant ssh -- '! sudo ausearch -m avc -i </dev/null | grep unconfined_t'
- name: Check .gitignore coverage
run: test "$(vagrant ssh -- sudo git -C /root/testsuite ls-files -o --exclude-standard | wc -l)" -eq 0
--
2.37.1
