ci: add tests to check for races

This is not the kind of race that Go race detector would catch; this is
a race when a /proc file of one thread is opened and when Go changes
the underlying thread, and that different thread tries to write to that
file descriptor.

In order to catch those reliably, we need quite a big number of
iterations, and we only need to test go-selinux stuff. I chose the
count to be 100000 because it takes about 1 minute on my machine:

[kir@kir-tp1 selinux]$ time go test -timeout 3m -count 100000 ./go-selinux
ok  	github.com/opencontainers/selinux/go-selinux	53.763s

real	0m53.983s
user	0m30.030s
sys	0m30.339s

Also note that this only makes sense to run on a SELinux enabled systems
(i.e. those we run under lima).

Signed-off-by: Kir Kolyshkin <[email protected]>

Author: kolyshkin

.github/workflows/validate.yml

@@ -140,6 +140,12 @@ jobs:
         continue-on-error: true
         run: lima make -C /tmp/selinux GOARCH=386 test
 
+      # https://github.com/opencontainers/selinux/issues/222
+      # https://github.com/opencontainers/selinux/issues/225
+      - name: "racy test"
+        continue-on-error: true
+        run: lima bash -c 'cd /tmp/selinux && go test -timeout 10m -count 100000 ./go-selinux'
+
       - name: "Show AVC denials"
         run: lima sudo ausearch -m AVC,USER_AVC || true