author | xeji <36407913+xeji@users.noreply.github.com> | 2018-05-19 08:42:15 +0200 |
---|---|---|
committer | Robert Schütz <rschuetz17@gmail.com> | 2018-05-19 08:42:15 +0200 |
commit | 301072dc271edc84f722e1bac508f4ed0d4700d3 (patch) | |
tree | efbdf7b3ee4e7c05411cd85c0f34b6e3b4a00ea7 /nixos/tests/hardened.nix | |
parent | 93a5152c82ab24aa66b173c175830f9a51d73bdb (diff) |
nixos/tests/hardened: fix test (#40745)
failed because `pgrep -u` segfaults when access to proc info is denied on a hardened system.
Diffstat (limited to 'nixos/tests/hardened.nix')
-rw-r--r-- | nixos/tests/hardened.nix | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index cb33b69e71990..0a0639d62796d 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -25,16 +25,18 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = '' + $machine->waitForUnit("multi-user.target"); + # Test hidepid subtest "hidepid", sub { $machine->succeed("grep -Fq hidepid=2 /proc/mounts"); - $machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]"); - $machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]"); + # cannot use pgrep -u here, it segfaults when access to process info is denied + $machine->succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]"); + $machine->succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]"); }; # Test kernel module hardening subtest "lock-modules", sub { - $machine->waitForUnit("multi-user.target"); # note: this better a be module we normally wouldn't load ... $machine->fail("modprobe dccp"); }; |
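Review bot: The sybil assertion in the `hidepid` subtest can now pass for the wrong reason, because in `ps --no-headers --user root | wc -l` the pipeline discards the exit status of `ps`. If `ps` fails or crashes for sybil (as `pgrep -u` did), `wc -l` still prints 0 and the check succeeds. The alice line only shows that `ps` works for a user who is allowed to see root's processes. A positive control for sybil would separate "hidden by hidepid" from "ps is broken", for example ``$machine->succeed("[ `su - sybil -c 'ps --no-headers --user sybil | wc -l'` != 0 ]");``. The definitions of sybil and alice are outside the hunk, so which of them is exempted from hidepid is inferred from the assertions.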