nixos/murmur: add apparmor policy

author: Philipp Bartsch <phil@grmr.de> 2023-07-09 01:01:03 +0200
committer: Philipp Bartsch <phil@grmr.de> 2023-07-13 11:11:01 +0200
commit: 30ad9053abddb3128e90c023faf64e0bdd4fce1a (patch)
tree: 3970e2cce2c5a39879a316a89d8f18619e7536d0 /nixos/tests/mumble.nix
parent: ced170c030a409f8e21a7c1e20bced6a9397c1d2 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix
index 2b5cc20163bcb..8eee454721a13 100644
--- a/nixos/tests/mumble.nix
+++ b/nixos/tests/mumble.nix
@@ -20,6 +20,7 @@ in
 
   nodes = {
     server = { config, ... }: {
+      security.apparmor.enable = true;
       services.murmur.enable = true;
       services.murmur.registerName = "NixOS tests";
       services.murmur.password = "$MURMURD_PASSWORD";
@@ -81,5 +82,8 @@ in
     server.sleep(5)  # wait to get screenshot
     client1.screenshot("screen1")
     client2.screenshot("screen2")
+
+    # check if apparmor denied anything
+    server.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
   '';
 })
author	Philipp Bartsch <phil@grmr.de>	2023-07-09 01:01:03 +0200
committer	Philipp Bartsch <phil@grmr.de>	2023-07-13 11:11:01 +0200
commit	30ad9053abddb3128e90c023faf64e0bdd4fce1a (patch)
tree	3970e2cce2c5a39879a316a89d8f18619e7536d0 /nixos/tests/mumble.nix
parent	ced170c030a409f8e21a7c1e20bced6a9397c1d2 (diff)