public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened test: add failing test-case for deferred mounts

Browse Source
This commit is contained in:
Joachim Fasting 2017-09-22 23:20:42 +02:00
parent 15a4f9d8ef
commit bccaf63067
No known key found for this signature in database
GPG Key ID: 66EAB6B14F6B6E0D
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nixos/tests/hardened.nix
View File

@ -10,6 +10,17 @@ import ./make-test.nix ({ pkgs, ...} : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; }; users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ]; imports = [ ../modules/profiles/hardened.nix ];
virtualisation.emptyDiskImages = [ 4096 ];
boot.initrd.postDeviceCommands = ''
${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb
'';
fileSystems = lib.mkVMOverride {
"/efi" = {
device = "/dev/disk/by-label/EFISYS";
fsType = "vfat";
options = [ "noauto" ];
};
};
}; };
testScript = testScript =
@ -42,5 +53,13 @@ import ./make-test.nix ({ pkgs, ...} : {
subtest "kcore", sub { subtest "kcore", sub {
$machine->fail("cat /proc/kcore"); $machine->fail("cat /proc/kcore");
}; };
# Test deferred mount
subtest "mount", sub {
$machine->fail("mountpoint -q /efi"); # was deferred
$machine->execute("mkdir -p /efi");
$machine->succeed("mount /dev/disk/by-label/EFISYS /efi");
$machine->succeed("mountpoint -q /efi"); # now mounted
};
''; '';
}) })