test if unconfined process can lockdown kernel for integrity purposes
SELinux policy recently introduced a new lockdown class which contains
2 permissions: integrity and confidentiality.
As you know, processes labeled as unconfined_t should be allowed to
use all permissions from all classes, because they are not confined.
Unfortunately, our internal testing revealed that processes running
as unconfined_t are not allowed to use the integrity permission.
The TC does not reproduce the scenario; it only checks the existence
of appropriate allow rules.
The TC covers BZ#1929332 and BZ#1933134.
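
A sketch of the kind of allow-rule check described above, added here as an example; it is not the test case's own code. The helper names rule_grants and check_live and both sample rules are assumptions constructed for illustration; the live lookup assumes sesearch from setools is installed.

```shell
#!/bin/sh
# rule_grants SOURCE CLASS PERM
# Reads sesearch-style allow rules on stdin and returns 0 if some rule lets
# SOURCE use PERM of CLASS on its own type (written as SOURCE or "self").
rule_grants() {
    awk -v src="$1" -v cls="$2" -v perm="$3" '
        $1 == "allow" && $2 == src {
            split($3, tc, ":")                    # third field is target:class
            if ((tc[1] != src && tc[1] != "self") || tc[2] != cls) next
            line = $0
            sub(/^[^:]*:[^ ]+ */, "", line)       # keep only the permission part
            gsub(/[{};]/, " ", line)              # "{ a b };" becomes " a b "
            n = split(line, perms, " ")
            for (i = 1; i <= n; i++) if (perms[i] == perm) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Query the loaded policy (hypothetical wrapper; needs setools, not run here).
check_live() {
    sesearch -A -s unconfined_t -t unconfined_t -c lockdown -p "$1" |
        rule_grants unconfined_t lockdown "$1"
}

# Constructed sample: a rule that lacks the integrity permission.
BROKEN='allow unconfined_t unconfined_t:lockdown confidentiality;'
# Constructed sample: a rule that carries both lockdown permissions.
FIXED='allow unconfined_t unconfined_t:lockdown { confidentiality integrity };'

for p in integrity confidentiality; do
    if printf '%s\n' "$FIXED" | rule_grants unconfined_t lockdown "$p"; then
        echo "PASS: unconfined_t is allowed lockdown:$p"
    else
        echo "FAIL: no allow rule for lockdown:$p"
    fi
done
```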