diff options
| author | Alyssa Ross <hi@alyssa.is> | 2021-09-27 16:00:58 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2021-09-27 16:00:58 +0000 |
| commit | c504e5d19d940926b3ddcf62c983d66f49f3cbb2 (patch) | |
| tree | ec955e58bcac2cb93b9f8c10786b23f61d40cd7e /nixpkgs/nixos/tests/hardened.nix | |
| parent | 72789cefce7b17419815f600fbd18238d89afcc9 (diff) | |
| parent | 1737f98af6667560e3e4f930312f9b5002649d04 (diff) | |
| download | nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar.gz nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar.bz2 nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar.lz nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar.xz nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.tar.zst nixlib-c504e5d19d940926b3ddcf62c983d66f49f3cbb2.zip | |
Merge commit '1737f98af6667560e3e4f930312f9b5002649d04'
Conflicts: nixpkgs/nixos/modules/services/networking/ssh/sshd.nix nixpkgs/pkgs/applications/networking/irc/weechat/scripts/default.nix nixpkgs/pkgs/development/node-packages/default.nix nixpkgs/pkgs/development/python-modules/priority/deadline.patch
Diffstat (limited to 'nixpkgs/nixos/tests/hardened.nix')
| -rw-r--r-- | nixpkgs/nixos/tests/hardened.nix | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/nixpkgs/nixos/tests/hardened.nix b/nixpkgs/nixos/tests/hardened.nix index a0b629086b5a..da7e0972e131 100644 --- a/nixpkgs/nixos/tests/hardened.nix +++ b/nixpkgs/nixos/tests/hardened.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { +import ./make-test-python.nix ({ pkgs, ... } : { name = "hardened"; meta = with pkgs.lib.maintainers; { maintainers = [ joachifm ]; @@ -10,8 +10,6 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; users.users.sybil = { isNormalUser = true; group = "wheel"; }; imports = [ ../modules/profiles/hardened.nix ]; - boot.kernelPackages = - lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened; environment.memoryAllocator.provider = "graphene-hardened"; nix.useSandbox = false; virtualisation.emptyDiskImages = [ 4096 ]; @@ -57,6 +55,7 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { # Test kernel module hardening with subtest("No more kernel modules can be loaded"): # note: this better a be module we normally wouldn't load ... + machine.wait_for_unit("disable-kernel-module-loading.service") machine.fail("modprobe dccp") |