diff options
| author | xeji <36407913+xeji@users.noreply.github.com> | 2018-05-19 08:42:15 +0200 |
|---|---|---|
| committer | Robert Schütz <rschuetz17@gmail.com> | 2018-05-19 08:42:15 +0200 |
| commit | 301072dc271edc84f722e1bac508f4ed0d4700d3 (patch) | |
| tree | efbdf7b3ee4e7c05411cd85c0f34b6e3b4a00ea7 | |
| parent | 93a5152c82ab24aa66b173c175830f9a51d73bdb (diff) | |
| download | nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar.gz nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar.bz2 nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar.lz nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar.xz nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.tar.zst nixlib-301072dc271edc84f722e1bac508f4ed0d4700d3.zip | |
nixos/tests/hardened: fix test (#40745)
failed because `pgrep -u` segfaults when accesss to proc info is denied on a hardened system.
| -rw-r--r-- | nixos/tests/hardened.nix | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index cb33b69e7199..0a0639d62796 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -25,16 +25,18 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = '' + $machine->waitForUnit("multi-user.target"); + # Test hidepid subtest "hidepid", sub { $machine->succeed("grep -Fq hidepid=2 /proc/mounts"); - $machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]"); - $machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]"); + # cannot use pgrep -u here, it segfaults when access to process info is denied + $machine->succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]"); + $machine->succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]"); }; # Test kernel module hardening subtest "lock-modules", sub { - $machine->waitForUnit("multi-user.target"); # note: this better a be module we normally wouldn't load ... $machine->fail("modprobe dccp"); }; |