tests/kola: Add lockdown LSM test

See: https://bugzilla.redhat.com/show_bug.cgi?id=2333706

Author: travier

tests/kola/security/lockdown

@@ -0,0 +1,21 @@
+#!/bin/bash
+## kola:
+##   exclusive: false
+##   description: Verify that the lockdown LSM is set to integrity.
+#
+# See https://bugzilla.redhat.com/show_bug.cgi?id=2333706
+
+set -xeuo pipefail
+
+. $KOLA_EXT_DATA/commonlib.sh
+
+if [[ "$(mokutil --sb)" != "SecureBoot enabled" ]]; then
+    # To be confirmed
+    ok "not checking systems without Secure Boot enabled"
+    exit 0
+fi
+if [[ "$(cat "/sys/kernel/security/lockdown")" == "none [integrity] confidentiality" ]]; then
+    ok "lockdown LSM set to integrity"
+else
+    fatal "lockdown LSM not set to integrity"
+fi