lol

grsecurity test: refactoring

+10 -10
+10 -10
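--- a/nixos/tests/grsecurity.nix
+++ b/nixos/tests/grsecurity.nix
@@ -8,7 +8,9 @@
 
 machine = { config, pkgs, ... }:
 { security.grsecurity.enable = true;
+boot.kernel.sysctl."kernel.grsecurity.audit_mount" = 0;
 boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
+networking.useDHCP = false;
 };
 
 testScript = ''
@@ -20,16 +22,14 @@
 
 subtest "paxtest", sub {
 # TODO: running paxtest blackhat hangs the vm
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/anonmap") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/execbss") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/execdata") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/execheap") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/execstack") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotanon") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotbss") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotdata") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotheap") =~ /Killed/ or die;
-$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotstack") =~ /Killed/ or die;
+my @pax_mustkill = (
+"anonmap", "execbss", "execdata", "execheap", "execstack",
+"mprotanon", "mprotbss", "mprotdata", "mprotheap", "mprotstack",
+);
+foreach my $name (@pax_mustkill) {
+my $paxtest = "${pkgs.paxtest}/lib/paxtest/" . $name;
+$machine->succeed($paxtest) =~ /Killed/ or die
+}
 };
 
 # tcc -run executes run-time generated code and so allows us to test whether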
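Review bot: The bare `or die` inside the new `foreach` loop carries no message, so when one of the ten paxtest checks is not killed the log shows only Perl's default "Died" at the same line for every case and does not say which PaX protection regressed. Since `$name` is now in scope, `$machine->succeed($paxtest) =~ /Killed/ or die "paxtest $name: expected Killed";` would name the failing check and also supply the missing statement terminator. Separately, the two added machine options (`kernel.grsecurity.audit_mount = 0` and `networking.useDHCP = false`) change the test machine's configuration under a commit titled "refactoring"; a one-line comment on each giving the reason (presumably log noise and boot time, to be confirmed by the author) would stop a reader from taking the relaxed settings as recommended hardening defaults.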