From 16e6599832bae07af26c2e1baf2432b4d2fa2e56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cerm=C3=A1k?= <sairon@users.noreply.github.com>
Date: Wed, 5 Mar 2025 19:04:15 +0100
Subject: [PATCH] Add test that no AppArmor denied events are produced (#3912)

As discussed in #3885, now that fixed Supervisor is in stable, we can test that
no AppArmor denied events are logged during CI tests.

(cherry picked from commit 610ced0162aa1c76915a0cc2adf16d93c858358e)
---
 tests/supervisor_test/test_supervisor.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tests/supervisor_test/test_supervisor.py b/tests/supervisor_test/test_supervisor.py
index 8351fb6c5..1f2e83c79 100644
--- a/tests/supervisor_test/test_supervisor.py
+++ b/tests/supervisor_test/test_supervisor.py
@@ -192,6 +192,13 @@ def test_restore_ssl_directory(shell_json, stash):
     logger.info("Backup restore result: %s", result)
 
 
+@pytest.mark.dependency(depends=["test_start_supervisor"])
+def test_no_apparmor_denies(shell):
+    """Check there are no AppArmor denies in the logs raised during Supervisor tests."""
+    output = shell.run_check("journalctl -t audit | grep DENIED || true")
+    assert not output, f"AppArmor denies found: {output}"
+
+
 @pytest.mark.dependency(depends=["test_start_supervisor"])
 def test_kernel_not_tainted(shell):
     """Check if the kernel is not tainted - do it at the end of the