diff --git a/integration-tests/conftest.py b/integration-tests/conftest.py index 1b1a91f4..45f2daa6 100644 --- a/integration-tests/conftest.py +++ b/integration-tests/conftest.py @@ -134,3 +134,26 @@ def check_is_bootc_system(): ) except FileNotFoundError: return False + + +@pytest.fixture(autouse=True) +def check_avcs(request): + try: + avc_skiplist = request.node.get_closest_marker("avc_skiplist").args[0] + except AttributeError: + avc_skiplist = () + checkpoint_file = f"/tmp/avc_checkpoint.{os.getpid()}" + subprocess.run( + ["ausearch", "-m", "AVC", "--checkpoint", checkpoint_file], + stdout=subprocess.DEVNULL, + stderr=subprocess.DEVNULL, + ) + def test_check_avcs(): + avcs = subprocess.run( + ["ausearch", "-m", "AVC", "--checkpoint", checkpoint_file], + stdout=subprocess.PIPE, + ) + if avcs.stdout: + pytest.fail("AVCs detected during test run!\n" + avcs.stdout.decode()) + request.addfinalizer(test_check_avcs) + yield diff --git a/integration-tests/test_selinux.py b/integration-tests/test_selinux.py index 06edaa7c..ec397fea 100644 --- a/integration-tests/test_selinux.py +++ b/integration-tests/test_selinux.py @@ -387,3 +387,7 @@ def test_selinux_core_context(insights_client): "under incorrect SELinux context or the selinux policy is too graceful.\n" "Only following AVCs were hit:\n" + checker.get_denials() ) + +@pytest.mark.avc_skiplist((".*",)) +def test_avc_fixture(): + pass diff --git a/systemtest/tests/integration/test.sh b/systemtest/tests/integration/test.sh index d1044f47..41ddd01b 100755 --- a/systemtest/tests/integration/test.sh +++ b/systemtest/tests/integration/test.sh @@ -40,7 +40,7 @@ python3 -m venv venv pip install -r integration-tests/requirements.txt -pytest --log-level debug --junit-xml=./junit.xml -v integration-tests ${PYTEST_FILTER:+-k "${PYTEST_FILTER}"} +pytest --setup-show --log-level debug --junit-xml=./junit.xml -v integration-tests ${PYTEST_FILTER:+-k "${PYTEST_FILTER}"} retval=$? if [ -d "$TMT_PLAN_DATA" ]; then