nixosTests.hardened: disable dhcpcd privsep

Since 831024e2b93 ("nixos/dhcpcd: assert if privSep && alternative
malloc"), this test has an assertion failure because dhcpcd (with
privsep enabled) is not compatible with the allocator used by the
hardened profile.

Since it's unclear[1] what to do about this for the hardened profile,
I propose doing the simplest thing possible to make the test eval,
which is to just disable dhcpcd privsep.  It's very inconvenient when
trying to refactor the NixOS test infrastructure to have a test that
doesn't evaluate.  Once the correct solution is found for using dhcpcd
with privsep with the hardened profile, this patch can be reverted.

[1]: https://github.com/NixOS/nixpkgs/pull/157430

1 files changed, 5 insertions, 0 deletions

diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix
index 3afa8ebf2b5f7..4e2ca4f273a7a 100644
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@@ -12,6 +12,11 @@ import ./make-test-python.nix ({ pkgs, ... } : {
       imports = [ ../modules/profiles/hardened.nix ];
       environment.memoryAllocator.provider = "graphene-hardened";
       nix.settings.sandbox = false;
+      nixpkgs.overlays = [
+        (final: super: {
+          dhcpcd = super.dhcpcd.override { enablePrivSep = false; };
+        })
+      ];
       virtualisation.emptyDiskImages = [ 4096 ];
       boot.initrd.postDeviceCommands = ''
         ${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb