nixos/hardened test: add failing test-case for deferred mounts
This commit is contained in:
parent
15a4f9d8ef
commit
bccaf63067
@ -10,6 +10,17 @@ import ./make-test.nix ({ pkgs, ...} : {
|
||||
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
|
||||
users.users.sybil = { isNormalUser = true; group = "wheel"; };
|
||||
imports = [ ../modules/profiles/hardened.nix ];
|
||||
virtualisation.emptyDiskImages = [ 4096 ];
|
||||
boot.initrd.postDeviceCommands = ''
|
||||
${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb
|
||||
'';
|
||||
fileSystems = lib.mkVMOverride {
|
||||
"/efi" = {
|
||||
device = "/dev/disk/by-label/EFISYS";
|
||||
fsType = "vfat";
|
||||
options = [ "noauto" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript =
|
||||
@ -42,5 +53,13 @@ import ./make-test.nix ({ pkgs, ...} : {
|
||||
subtest "kcore", sub {
|
||||
$machine->fail("cat /proc/kcore");
|
||||
};
|
||||
|
||||
# Test deferred mount
|
||||
subtest "mount", sub {
|
||||
$machine->fail("mountpoint -q /efi"); # was deferred
|
||||
$machine->execute("mkdir -p /efi");
|
||||
$machine->succeed("mount /dev/disk/by-label/EFISYS /efi");
|
||||
$machine->succeed("mountpoint -q /efi"); # now mounted
|
||||
};
|
||||
'';
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user