diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2019-05-11 18:20:41 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2019-05-11 18:21:44 +0200 |
commit | 92d41f83fdf8153bd76440e88302d649ea6f7b9e (patch) | |
tree | 2ca3af263f28d610d83c82b6de5629b3bb8b7277 /nixos/tests/hardened.nix | |
parent | 68f5d1fa4cd6400fa697cd7cf6dbb2cf8de17e34 (diff) |
nixos/tests/hardened: check that apparmor is properly loaded
Diffstat (limited to 'nixos/tests/hardened.nix')
-rw-r--r-- | nixos/tests/hardened.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index 07bd10963bab6..614889c4d73c4 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -30,6 +30,16 @@ import ./make-test.nix ({ pkgs, ...} : { '' $machine->waitForUnit("multi-user.target"); + subtest "apparmor-loaded", sub { + $machine->succeed("systemctl status apparmor.service"); + }; + + # AppArmor securityfs + subtest "apparmor-securityfs", sub { + $machine->succeed("mountpoint -q /sys/kernel/security"); + $machine->succeed("cat /sys/kernel/security/apparmor/profiles"); + }; + # Test loading out-of-tree modules subtest "extra-module-packages", sub { $machine->succeed("grep -Fq wireguard /proc/modules"); |