author | Alyssa Ross <hi@alyssa.is> | 2019-05-17 10:56:54 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-05-17 10:56:54 +0000 |
commit | c1d22074139ab0d048a05b5e5116265d099114d6 (patch) | |
tree | 97977009422d675f8930f97c309b010481289e72 /nixpkgs/nixos/tests/hardened.nix | |
parent | 4dc8afe4fd6b18437150129e0a1ecc23c6a1c0b9 (diff) | |
parent | bc9df0f66110039e495b6debe3a6cda4a1bb0fed (diff) | |
Merge commit 'bc9df0f66110039e495b6debe3a6cda4a1bb0fed'
Diffstat (limited to 'nixpkgs/nixos/tests/hardened.nix')
-rw-r--r-- | nixpkgs/nixos/tests/hardened.nix | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/hardened.nix b/nixpkgs/nixos/tests/hardened.nix
index 07bd10963bab..1ff329bd98de 100644
--- a/nixpkgs/nixos/tests/hardened.nix
+++ b/nixpkgs/nixos/tests/hardened.nix
@@ -27,9 +27,33 @@ import ./make-test.nix ({ pkgs, ...} : {
 };
 testScript =
+ let
+ hardened-malloc-tests = pkgs.stdenv.mkDerivation rec {
+ name = "hardened-malloc-tests-${pkgs.graphene-hardened-malloc.version}";
+ src = pkgs.graphene-hardened-malloc.src;
+ buildPhase = ''
+ cd test/simple-memory-corruption
+ make -j4
+ '';
+
+ installPhase = ''
+ find . -type f -executable -exec install -Dt $out/bin '{}' +
+ '';
+ };
+ in
 ''
 $machine->waitForUnit("multi-user.target");
+ subtest "apparmor-loaded", sub {
+ $machine->succeed("systemctl status apparmor.service");
+ };
+
+ # AppArmor securityfs
+ subtest "apparmor-securityfs", sub {
+ $machine->succeed("mountpoint -q /sys/kernel/security");
+ $machine->succeed("cat /sys/kernel/security/apparmor/profiles");
+ };
+
 # Test loading out-of-tree modules
 subtest "extra-module-packages", sub {
 $machine->succeed("grep -Fq wireguard /proc/modules");
@@ -83,5 +107,18 @@ import ./make-test.nix ({ pkgs, ...} : {
 $machine->fail("systemctl hibernate");
 $machine->fail("systemctl kexec");
 };
+
+ # Test hardened memory allocator
+ sub runMallocTestProg {
+ my ($progName, $errorText) = @_;
+ my $text = "fatal allocator error: " . $errorText;
+ $machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text;
+ };
+
+ subtest "hardenedmalloc", sub {
+ runMallocTestProg("double_free_large", "invalid free");
+ runMallocTestProg("unaligned_free_small", "invalid unaligned free");
+ runMallocTestProg("write_after_free_small", "detected write after free");
+ };
 '';
 }) |
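Review bot: The `apparmor-securityfs` subtest only reads `/sys/kernel/security/apparmor/profiles` with `cat`, which succeeds on an empty list, so it shows that securityfs and the AppArmor interface are present but not that any profile is loaded. If the hardened profile is expected to load at least one profile, assert on content with `$machine->succeed("grep -q . /sys/kernel/security/apparmor/profiles");`; otherwise a comment such as `# Only checks that the AppArmor securityfs interface is readable` would keep the subtest from being read as proof of confinement. Separately, `make -j4` in `buildPhase` hard-codes the job count; `enableParallelBuilding = true;` with a plain `make` would follow the builder's configured core limit.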
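Review bot: In `runMallocTestProg` the result of `... =~ $text` is discarded, so each case asserts only that the program exits non-zero and never checks for the `fatal allocator error:` message. A crash or abort from any other cause, presumably including the default allocator's own double-free abort, would therefore pass, and the subtest would not notice the hardened allocator no longer being in effect. Capture the output and fail explicitly, e.g. `my ($status, $out) = $machine->execute("${hardened-malloc-tests}/bin/" . $progName . " 2>&1");` followed by `die "$progName: expected '$text'" unless $status != 0 && $out =~ /\Q$text\E/;`. The `2>&1` assumes the message is written to stderr, which the hunk does not show.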