nixos/dnscrypt-proxy: fix apparmor profile and test
Test failed because of an incomplete apparmor profile. - fix apparmor profile - improve test timing, prevent non-deterministic failure
This commit is contained in:
parent
8bcec815bd
commit
8dbd8f4d69
@ -192,6 +192,7 @@ in
|
|||||||
security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" ''
|
security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" ''
|
||||||
${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy {
|
${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy {
|
||||||
/dev/null rw,
|
/dev/null rw,
|
||||||
|
/dev/random r,
|
||||||
/dev/urandom r,
|
/dev/urandom r,
|
||||||
|
|
||||||
/etc/passwd r,
|
/etc/passwd r,
|
||||||
@ -211,6 +212,9 @@ in
|
|||||||
${getLib pkgs.gcc.cc}/lib/libssp.so.* mr,
|
${getLib pkgs.gcc.cc}/lib/libssp.so.* mr,
|
||||||
${getLib pkgs.libsodium}/lib/libsodium.so.* mr,
|
${getLib pkgs.libsodium}/lib/libsodium.so.* mr,
|
||||||
${getLib pkgs.systemd}/lib/libsystemd.so.* mr,
|
${getLib pkgs.systemd}/lib/libsystemd.so.* mr,
|
||||||
|
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
|
||||||
|
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
|
||||||
|
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
|
||||||
${getLib pkgs.xz}/lib/liblzma.so.* mr,
|
${getLib pkgs.xz}/lib/liblzma.so.* mr,
|
||||||
${getLib pkgs.libgcrypt}/lib/libgcrypt.so.* mr,
|
${getLib pkgs.libgcrypt}/lib/libgcrypt.so.* mr,
|
||||||
${getLib pkgs.libgpgerror}/lib/libgpg-error.so.* mr,
|
${getLib pkgs.libgpgerror}/lib/libgpg-error.so.* mr,
|
||||||
|
@ -26,7 +26,8 @@ import ./make-test.nix ({ pkgs, ... }: {
|
|||||||
$client->waitForUnit("dnsmasq");
|
$client->waitForUnit("dnsmasq");
|
||||||
|
|
||||||
# The daemon is socket activated; sending a single ping should activate it.
|
# The daemon is socket activated; sending a single ping should activate it.
|
||||||
|
$client->fail("systemctl is-active dnscrypt-proxy");
|
||||||
$client->execute("${pkgs.iputils}/bin/ping -c1 example.com");
|
$client->execute("${pkgs.iputils}/bin/ping -c1 example.com");
|
||||||
$client->succeed("systemctl is-active dnscrypt-proxy");
|
$client->waitUntilSucceeds("systemctl is-active dnscrypt-proxy");
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
Loading…
Reference in New Issue
Block a user