diff --git a/.github/workflows/CICD.yml b/.github/workflows/CICD.yml
index be1402d5499..9643815d9bb 100644
--- a/.github/workflows/CICD.yml
+++ b/.github/workflows/CICD.yml
@@ -1034,3 +1034,38 @@ jobs:
           echo "Running tests with --features=$f and --no-default-features"
           cargo test --features=$f --no-default-features
         done
+
+  test_selinux:
+    name: Build/SELinux
+    needs: [ min_version, deps ]
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+    - uses: dtolnay/rust-toolchain@stable
+    - name: Setup Lima
+      uses: lima-vm/lima-actions/setup@v1
+      id: lima-actions-setup
+    - name: Cache ~/.cache/lima
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/lima
+        key: lima-${{ steps.lima-actions-setup.outputs.version }}
+    - name: Start Fedora VM with SELinux
+      run: limactl start --plain --name=default --cpus=1 --disk=30 --memory=4 --network=lima:user-v2 template://fedora
+    - name: Setup SSH
+      uses: lima-vm/lima-actions/ssh@v1
+    - run: rsync -v -a -e ssh . lima-default:~/work/
+    - name: Setup Rust and other build deps in VM
+      run: |
+        lima sudo dnf install gcc g++ git rustup libselinux-devel clang-devel -y
+        lima rustup-init -y --default-toolchain stable
+    - name: Verify SELinux Status
+      run: |
+        lima getenforce
+        lima ls -laZ /etc/selinux
+    - name: Build and Test with SELinux
+      run: |
+        lima ls
+        lima bash -c "cd work && cargo test --features 'feat_selinux'"
diff --git a/tests/by-util/test_chcon.rs b/tests/by-util/test_chcon.rs
index 1fd356e5b59..d05571da0d2 100644
--- a/tests/by-util/test_chcon.rs
+++ b/tests/by-util/test_chcon.rs
@@ -527,6 +527,7 @@ fn valid_reference_repeat_flags() {
 }
 
 #[test]
+#[ignore = "issue #7443"]
 fn valid_reference_repeated_reference() {
     let (dir, mut cmd) = at_and_ucmd!();
 
diff --git a/tests/by-util/test_dd.rs b/tests/by-util/test_dd.rs
index 16d2ee10d2e..792b88294f3 100644
--- a/tests/by-util/test_dd.rs
+++ b/tests/by-util/test_dd.rs
@@ -4,7 +4,7 @@
 // file that was distributed with this source code.
 // spell-checker:ignore fname, tname, fpath, specfile, testfile, unspec, ifile, ofile, outfile, fullblock, urand, fileio, atoe, atoibm, availible, behaviour, bmax, bremain, btotal, cflags, creat, ctable, ctty, datastructures, doesnt, etoa, fileout, fname, gnudd, iconvflags, iseek, nocache, noctty, noerror, nofollow, nolinks, nonblock, oconvflags, oseek, outfile, parseargs, rlen, rmax, rposition, rremain, rsofar, rstat, sigusr, sigval, wlen, wstat abcdefghijklm abcdefghi nabcde nabcdefg abcdefg fifoname seekable
 
-#[cfg(unix)]
+#[cfg(all(unix, not(feature = "feat_selinux")))]
 use crate::common::util::run_ucmd_as_root_with_stdin_stdout;
 use crate::common::util::TestScenario;
 #[cfg(all(not(windows), feature = "printf"))]
@@ -1552,6 +1552,8 @@ fn test_nocache_file() {
 
 #[test]
 #[cfg(unix)]
+#[cfg(not(feature = "feat_selinux"))]
+// Disabled on SELinux for now
 fn test_skip_past_dev() {
     // NOTE: This test intends to trigger code which can only be reached with root permissions.
     let ts = TestScenario::new(util_name!());
@@ -1573,6 +1575,7 @@ fn test_skip_past_dev() {
 
 #[test]
 #[cfg(unix)]
+#[cfg(not(feature = "feat_selinux"))]
 fn test_seek_past_dev() {
     // NOTE: This test intends to trigger code which can only be reached with root permissions.
     let ts = TestScenario::new(util_name!());
diff --git a/tests/by-util/test_df.rs b/tests/by-util/test_df.rs
index bd6947450de..d3692a7f0dd 100644
--- a/tests/by-util/test_df.rs
+++ b/tests/by-util/test_df.rs
@@ -285,6 +285,7 @@ fn test_type_option() {
 
 #[test]
 #[cfg(not(any(target_os = "freebsd", target_os = "windows")))] // FIXME: fix test for FreeBSD & Win
+#[cfg(not(feature = "feat_selinux"))]
 fn test_type_option_with_file() {
     let fs_type = new_ucmd!()
         .args(&["--output=fstype", "."])
diff --git a/tests/by-util/test_ls.rs b/tests/by-util/test_ls.rs
index ae09ab0b40c..6b9be8eb518 100644
--- a/tests/by-util/test_ls.rs
+++ b/tests/by-util/test_ls.rs
@@ -1102,6 +1102,8 @@ fn test_ls_long() {
 
 #[cfg(not(windows))]
 #[test]
+#[cfg(not(feature = "feat_selinux"))]
+// Disabled on the SELinux runner for now
 fn test_ls_long_format() {
     let scene = TestScenario::new(util_name!());
     let at = &scene.fixtures;
@@ -1474,6 +1476,8 @@ fn test_ls_long_total_size() {
 }
 
 #[test]
+#[cfg(not(feature = "feat_selinux"))]
+// Disabled on the SELinux runner for now
 fn test_ls_long_formats() {
     let scene = TestScenario::new(util_name!());
     let at = &scene.fixtures;
@@ -2749,6 +2753,8 @@ fn test_ls_color() {
 
 #[cfg(unix)]
 #[test]
+#[cfg(not(feature = "feat_selinux"))]
+// Disabled on the SELinux runner for now
 fn test_ls_inode() {
     let scene = TestScenario::new(util_name!());
     let at = &scene.fixtures;
@@ -5279,6 +5285,8 @@ fn test_acl_display() {
 // setting is also configured).
 #[cfg(unix)]
 #[test]
+#[cfg(not(feature = "feat_selinux"))]
+// Disabled on the SELinux runner for now
 fn test_ls_color_norm() {
     let scene = TestScenario::new(util_name!());
     let at = &scene.fixtures;
diff --git a/tests/by-util/test_runcon.rs b/tests/by-util/test_runcon.rs
index 6840ab3b964..ec1f4f8b3a1 100644
--- a/tests/by-util/test_runcon.rs
+++ b/tests/by-util/test_runcon.rs
@@ -51,7 +51,7 @@ fn invalid() {
         "unconfined_u:unconfined_r:unconfined_t:s0",
         "inexistent-file",
     ];
-    new_ucmd!().args(args).fails_with_code(1);
+    new_ucmd!().args(args).fails_with_code(127);
 
     let args = &["invalid", "/bin/true"];
     new_ucmd!().args(args).fails_with_code(1);