author | Tim Steinbach <tim@nequissimus.com> | 2017-09-05 19:03:54 -0400 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2017-09-05 19:03:54 -0400 |
commit | 04b0f3255fc2c9e275ac93eeb29c37f6465a3992 (patch) | |
tree | c32bf07b5b28df143c474c8d6e060f5c56373820 /nixos/tests | |
parent | 8706664ff69444ed1d576250901a4d45cb17c690 (diff) | |
tests: Add sysctl
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/sysctl.nix | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/nixos/tests/sysctl.nix b/nixos/tests/sysctl.nix
new file mode 100644
index 000000000000..d7220cabb22c
--- /dev/null
+++ b/nixos/tests/sysctl.nix
@@ -0,0 +1,25 @@
+import ./make-test.nix ({ pkgs, ...} : {
+ name = "sysctl";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ nequissimus ];
+ };
+
+ machine = { config, lib, pkgs, ... }:
+ {
+ boot.kernelPackages = pkgs.linuxPackages;
+ boot.kernel.sysctl = {
+ "kernel.dmesg_restrict" = true; # Restrict dmesg access
+ "net.core.bpf_jit_enable" = false; # Turn off bpf JIT
+ "user.max_user_namespaces" = 0; # Disable user namespaces
+ "vm.swappiness" = 2; # Low swap usage
+ };
+ };
+
+ testScript =
+ ''
+ $machine->succeed("sysctl kernel.dmesg_restrict | grep 'kernel.dmesg_restrict = 1'");
+ $machine->succeed("sysctl net.core.bpf_jit_enable | grep 'net.core.bpf_jit_enable = 0'");
+ $machine->succeed("sysctl user.max_user_namespaces | grep 'user.max_user_namespaces = 0'");
+ $machine->succeed("sysctl vm.swappiness | grep 'vm.swappiness = 2'");
+ '';
+}) |
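Review bot: The four `grep` patterns in `testScript` are unanchored regular expressions, so `grep 'vm.swappiness = 2'` would also pass for a value such as 20, and each `.` in a key name matches any character. Because three of these settings are hardening knobs (dmesg restriction, BPF JIT, user namespaces), the assertions should match the value exactly, for example `$machine->succeed("sysctl -n vm.swappiness | grep -Fx 2");` and the same form for the other three keys. The test also only reads the values back; if the test VM can provide an unprivileged account, an additional `$machine->fail(...)` running `dmesg` as that user would confirm that `kernel.dmesg_restrict` is actually enforced rather than merely set.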