JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/tests/hardened: test loading out-of-tree-modules

Browse Source
This commit is contained in:
Joachim Fasting 2019-01-06 13:17:38 +01:00
parent b3d8aa2677
commit 39c30a33c1
No known key found for this signature in database
GPG Key ID: 5C204DF675C90294
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/tests/hardened.nix
View File

@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
machine = machine =
{ lib, pkgs, ... }: { lib, pkgs, config, ... }:
with lib; with lib;
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; }; users.users.sybil = { isNormalUser = true; group = "wheel"; };
@ -22,12 +22,19 @@ import ./make-test.nix ({ pkgs, ...} : {
options = [ "noauto" ]; options = [ "noauto" ];
}; };
}; };
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
boot.kernelModules = [ "wireguard" ];
}; };
testScript = testScript =
'' ''
$machine->waitForUnit("multi-user.target"); $machine->waitForUnit("multi-user.target");
# Test loading out-of-tree modules
subtest "extra-module-packages", sub {
$machine->succeed("grep -Fq wireguard /proc/modules");
};
# Test hidepid # Test hidepid
subtest "hidepid", sub { subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /proc/mounts"); $machine->succeed("grep -Fq hidepid=2 /proc/mounts");