feat: Added a fixture for integration tests to check selinux denials
archana-redhat committed Nov 7, 2024
1 parent 964031f commit e464b8d
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions integration-tests/conftest.py
@@ -1,9 +1,7 @@
import pytest
import subprocess
import time
import logging

logger = logging.getLogger(__name__)
from pytest_client_tools.util import logged_run


@pytest.fixture(scope="session")
@@ -58,3 +56,18 @@ def loop_until(predicate, poll_sec=5, timeout_sec=120):
time.sleep(poll_sec)
ok = predicate()
return ok


@pytest.fixture(scope="session", autouse=True)
def collect_selinux_denials():
"""This fixture helps in catching selinux denials
in the system after tests are run."""
yield
command = "ausearch -m avc -m user_avc -m selinux_err -i".split()
result = logged_run(command, capture_output=True, text=True)
if "<no matches>" not in result.stdout:
lines = result.stdout.split("\n")
for line in lines:
words = line.split()
if "denied" in words:
assert "permissive=1" in words, "SELinux AVC denials found"
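Review bot: The check in `collect_selinux_denials` fails open: the loop only asserts on lines containing the word `denied`, so if `ausearch` produces no usable output (binary missing, no permission to read the audit log) the session passes as if there were no denials, and whether `logged_run` raises on a non-zero exit is not visible here. I would look at `result.stderr` as well as `result.stdout` and fail the fixture when the output holds neither audit records nor the `<no matches>` marker. The search also has no time bound, so denials logged before the test session are attributed to it; recording the start time before `yield` and passing it to `ausearch` with `-ts` would scope the result to this run. Records returned for `-m selinux_err` are likely never flagged, since they need not contain the word `denied`. Including the offending record in the message, e.g. `assert "permissive=1" in words, f"SELinux AVC denial found: {line}"`, would make a failure actionable.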
