nixos/tests/hardened: check that apparmor is properly loaded

This commit is contained in:
Joachim Fasting 2019-05-11 18:20:41 +02:00
parent 68f5d1fa4c
commit 92d41f83fd
No known key found for this signature in database
GPG key ID: 5C204DF675C90294

View file

@ -30,6 +30,16 @@ import ./make-test.nix ({ pkgs, ...} : {
''
$machine->waitForUnit("multi-user.target");
subtest "apparmor-loaded", sub {
$machine->succeed("systemctl status apparmor.service");
};
# AppArmor securityfs
subtest "apparmor-securityfs", sub {
$machine->succeed("mountpoint -q /sys/kernel/security");
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
};
# Test loading out-of-tree modules
subtest "extra-module-packages", sub {
$machine->succeed("grep -Fq wireguard /proc/modules");