grsecurity test: verify that the grsec device node is created
This commit is contained in:
parent
96542a1b00
commit
8c8d6b4053
@ -9,7 +9,6 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||||||
machine = { config, pkgs, ... }:
|
machine = { config, pkgs, ... }:
|
||||||
{ security.grsecurity.enable = true;
|
{ security.grsecurity.enable = true;
|
||||||
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
|
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
|
||||||
security.apparmor.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = ''
|
||||||
@ -37,5 +36,9 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||||||
$machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c");
|
$machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c");
|
||||||
$machine->succeed("${pkgs.tinycc.bin}/bin/tcc -run main.c");
|
$machine->succeed("${pkgs.tinycc.bin}/bin/tcc -run main.c");
|
||||||
};
|
};
|
||||||
|
|
||||||
|
subtest "RBAC", sub {
|
||||||
|
$machine->succeed("[ -c /dev/grsec ]");
|
||||||
|
};
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
Loading…
x
Reference in New Issue
Block a user