If your Beaker task does something to cause an SELinux AVC denial, or the kernel produces a serious error message during your task, the harness will notice that and report it as a failure in the results. However, despite various attempts in /distribution/install (see bug 1188539 comments), AVC denials and kernel errors which occur *during* the Anaconda installation are not treated the same way. There is no failing result indicating that something went wrong during the installation. The first step is to capture the necessary logs from during the installation. That's bug 1602251. This RFE is about making Beaker catch problems and indicate them as a failure in the test results, in the same way it does for problems which occur after the reboot.
Ideally we would re-use the existing AVC checking and dmesg checking logic from the harness. Right now the behaviour of both Beah and Restraint is not particularly consistent and Beah/RHTS in particular is totally undocumented with some surprising behaviour. But it is important that we at least avoid introducing *yet another* different set of checking logic that does not behave consistently. Even if it's not possible to reuse the actual checking code from Restraint, we should at least ensure that the same (documented) checking logic is applied in both places. See also bug 875543.
From bug 1188539... You should be able to trigger an AVC denial during installation (on RHEL7+) by putting this into the kickstart %pre or %post: cat >/etc/systemd/system/denyme.service <<"EOF" [Unit] Description=Deny Me [Service] Type=oneshot ExecStart=/bin/cat /root/.bash_profile SELinuxContext=guest_u:guest_r:guest_t:s0 EOF systemctl daemon-reload systemctl start denyme Producing fake kernel bug messages is even easier: echo BUG this is a fake bug >/dev/kmsg