From 92d41f83fdf8153bd76440e88302d649ea6f7b9e Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sat, 11 May 2019 18:20:41 +0200
Subject: [PATCH] nixos/tests/hardened: check that apparmor is properly loaded
---
 nixos/tests/hardened.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix
index 07bd10963bab..614889c4d73c 100644
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@@ -30,6 +30,16 @@ import ./make-test.nix ({ pkgs, ...} : {
 ''
 $machine->waitForUnit("multi-user.target");
+ subtest "apparmor-loaded", sub {
+ $machine->succeed("systemctl status apparmor.service");
+ };
+
+ # AppArmor securityfs
+ subtest "apparmor-securityfs", sub {
+ $machine->succeed("mountpoint -q /sys/kernel/security");
+ $machine->succeed("cat /sys/kernel/security/apparmor/profiles");
+ };
+
 # Test loading out-of-tree modules
 subtest "extra-module-packages", sub {
 $machine->succeed("grep -Fq wireguard /proc/modules");
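Review bot: The `cat /sys/kernel/security/apparmor/profiles` check in the `apparmor-securityfs` subtest succeeds on an empty profile list, so it shows only that the AppArmor securityfs interface is present and readable, not that any profile is loaded or enforcing. If the hardened profile is expected to ship profiles (not visible from this hunk), assert on the content instead, e.g. `$machine->succeed("grep -q '(enforce)' /sys/kernel/security/apparmor/profiles");`; otherwise add a comment such as `# An empty profile list is acceptable; this only checks that the interface exists`. The `apparmor-loaded` subtest also lacks the one-line comment its neighbours carry, e.g. `# AppArmor service is active`. The test script string starts before the hunk and continues past it.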