pyrox.dev / nixpkgs
lol
fork atom

nixos/hardened test: add failing test-case for deferred mounts

Joachim Fasting bccaf630 15a4f9d8

+19
unified split
+19
nixos/tests/hardened.nix
··· 10 10 { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; 11 11 users.users.sybil = { isNormalUser = true; group = "wheel"; }; 12 12 imports = [ ../modules/profiles/hardened.nix ]; 13 + virtualisation.emptyDiskImages = [ 4096 ]; 14 + boot.initrd.postDeviceCommands = '' 15 + ${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb 16 + ''; 17 + fileSystems = lib.mkVMOverride { 18 + "/efi" = { 19 + device = "/dev/disk/by-label/EFISYS"; 20 + fsType = "vfat"; 21 + options = [ "noauto" ]; 22 + }; 23 + }; 13 24 }; 14 25 15 26 testScript = ··· 41 52 # Test access to kcore 42 53 subtest "kcore", sub { 43 54 $machine->fail("cat /proc/kcore"); 55 + }; 56 + 57 + # Test deferred mount 58 + subtest "mount", sub { 59 + $machine->fail("mountpoint -q /efi"); # was deferred 60 + $machine->execute("mkdir -p /efi"); 61 + $machine->succeed("mount /dev/disk/by-label/EFISYS /efi"); 62 + $machine->succeed("mountpoint -q /efi"); # now mounted 44 63 }; 45 64 ''; 46 65 })