tests: check for avc denials around daemon-reload

xref https://bugzilla.redhat.com/show_bug.cgi?id=1924869
coreos · Apr 28, 2022 · 0b4762c · 0b4762c
1 parent 96241ae
commit 0b4762c
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/tests/kola/systemd/systemd-daemon-reload-avc b/tests/kola/systemd/systemd-daemon-reload-avc
@@ -0,0 +1,24 @@
+#!/bin/bash
+# kola: { "exclusive": true }
+# Verify there are no AVC denial before and after reloading the systemd manager configuration
+#
+# https://bugzilla.redhat.com/show_bug.cgi?id=1924869
+set -xeuo pipefail
+
+. $KOLA_EXT_DATA/commonlib.sh
+
+check_avc_denials() {
+    if test -f /var/log/audit/audit.log; then
+        if grep 'avc.*denied' /var/log/audit/audit.log; then
+            fatal "Found AVC denials"
+        fi
+    else
+        if journalctl -q --no-pager --grep='avc.*denied' _TRANSPORT=audit; then
+            fatal "Found AVC denials"
+        fi
+    fi
+}
+
+check_avc_denials
+systemctl daemon-reload
+check_avc_denials