From 03197f94ce2d4b0feb673840d30f602e93357040 Mon Sep 17 00:00:00 2001 From: Tim Steinbach Date: Mon, 5 Oct 2020 09:07:21 -0400 Subject: [PATCH] tests/hardened: Fix usage with 5.8 Linux >= 5.8 improved /proc mount options. `hidepid=2` is now displayed as `hidepid=invisible` --- nixos/tests/hardened.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index 8d845de70e24..ab5fa609e072 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -67,7 +67,10 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { # Test hidepid with subtest("hidepid=2 option is applied and works"): - machine.succeed("grep -Fq hidepid=2 /proc/mounts") + # Linux >= 5.8 shows "invisible" + machine.succeed( + "grep -Fq hidepid=2 /proc/mounts || grep -Fq hidepid=invisible /proc/mounts" + ) # cannot use pgrep -u here, it segfaults when access to process info is denied machine.succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]") machine.succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]")