From 64a64c6b14d6556b46266c25fa9acb11c99fc033 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sat, 10 Dec 2016 13:38:26 +0100
Subject: [PATCH] grsecurity test: refactoring
---
 nixos/tests/grsecurity.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/nixos/tests/grsecurity.nix b/nixos/tests/grsecurity.nix
index e585a7402d34..ee9e0709e5e7 100644
--- a/nixos/tests/grsecurity.nix
+++ b/nixos/tests/grsecurity.nix
@@ -8,7 +8,9 @@ import ./make-test.nix ({ pkgs, ...} : {
 machine = { config, pkgs, ... }:
 { security.grsecurity.enable = true;
+ boot.kernel.sysctl."kernel.grsecurity.audit_mount" = 0;
 boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
+ networking.useDHCP = false;
 };
 testScript = ''
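Review bot: The two settings added to the `machine` block, `"kernel.grsecurity.audit_mount" = 0` and `networking.useDHCP = false`, change what the test VM runs with, yet the commit is titled a refactoring and neither line says why it is needed. Switching off an audit sysctl in a test that exists to check the hardened kernel deserves a one-line reason, for example `# mount auditing only adds noise to the test log` if that is the motive (this is inferred; the page does not say). A matching comment on the DHCP line, such as `# the test needs no network`, would keep a later reader from assuming the hardening tests depend on these values.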
@@ -20,16 +22,14 @@ import ./make-test.nix ({ pkgs, ...} : {
 subtest "paxtest", sub {
 # TODO: running paxtest blackhat hangs the vm
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/anonmap") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/execbss") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/execdata") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/execheap") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/execstack") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotanon") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotbss") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotdata") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotheap") =~ /Killed/ or die;
- $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotstack") =~ /Killed/ or die;
+ my @pax_mustkill = (
+ "anonmap", "execbss", "execdata", "execheap", "execstack",
+ "mprotanon", "mprotbss", "mprotdata", "mprotheap", "mprotstack",
+ );
+ foreach my $name (@pax_mustkill) {
+ my $paxtest = "${pkgs.paxtest}/lib/paxtest/" . $name;
+ $machine->succeed($paxtest) =~ /Killed/ or die
+ }
 };
 # tcc -run executes run-time generated code and so allows us to test whether
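Review bot: The bare `die` inside the new `foreach` loop no longer identifies which paxtest check failed. Before the change each check sat on its own source line, so Perl's "Died at ... line N" pointed at it, whereas now all ten share one line. This subtest is the evidence that the PaX memory protections are enforced, so a failure should name the check, e.g. `$machine->succeed($paxtest) =~ /Killed/ or die "paxtest $name: expected Killed";`. That form also supplies the terminating semicolon the new line leaves off. The surrounding `testScript` string starts before this hunk and continues after it.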