colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests/hardened: Fix usage with 5.8

Browse Source 
Linux >= 5.8 improved /proc mount options. `hidepid=2` is now
displayed as `hidepid=invisible`
This commit is contained in:
Tim Steinbach 2020-10-05 09:07:21 -04:00
parent dedd67610a
commit 03197f94ce
No known key found for this signature in database
GPG Key ID: FD36A5EAAC49035A
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/tests/hardened.nix
View File

@ -67,7 +67,10 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
# Test hidepid
with subtest("hidepid=2 option is applied and works"):
machine.succeed("grep -Fq hidepid=2 /proc/mounts")
# Linux >= 5.8 shows "invisible"
machine.succeed(
"grep -Fq hidepid=2 /proc/mounts || grep -Fq hidepid=invisible /proc/mounts"
)
# cannot use pgrep -u here, it segfaults when access to process info is denied
machine.succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]")
machine.succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]")