I wanted to make systemcheck --verbose (“developer mode”) more useful. Therefore, I made any message in the journal that matches error, warning, fail, and AppArmor allowed/denied exit non-zero. That is, unless it’s an expected message that has a grep match to ignore it.
(There are many messages that I’d rather be gone (false positives) or fixed, but that’s unfortunately unrealistic.)
The purpose of that is to remind me to add more and more messages. Ignore the unfixable ones, fix and/or report the fixable ones.
I didn’t keep in mind that Qubes QA also uses the --verbose option.
Potential solutions:
- A) Drop using
--verbose. - B) Pull request to add messages to ignore (once reported, they can be ignored). systemcheck/usr/libexec/systemcheck/check_services.bsh at master · Kicksecure/systemcheck · GitHub
- C) Report messages to ignore here.
- D) I could implement a special exit code, which you could then ignore or count as a “soft failure” (if such a concept exists).
Thoughts?