nixpkgs/nixos/tests/apparmor/makeExpectedPolicies.nix
Grimmauld b27f064b54
nixos/tests/apparmor: move to folder, refactor, improve coverage
- nixfmt on apparmor test
- move apparmor test to nixos/tests/apparmor directory
- expected profile contents are now generated in their own file to make the test file less confusing and easier to maintain
- enforce/complain is now being tested via diff of expected against aa-status
- path is now tested against diff+file checking symlink target of /etc/static/apparmor.d/<name>
- profile is now checked by diff of /etc/static/apparmor.d/<name> against original string added in nix config
- test still successfully passes
- added test for confined hello to succeed
- added test for confined hexdump on denied path to fail
2024-12-16 15:32:48 +01:00


# Expected AppArmor file rules for a fixed set of store paths.
#
# Takes `pkgs` and evaluates to a single string: nine rules per store path,
# one rule per line, each terminated by a comma and a newline.
# Presumably the test diffs this text against generated rules, so the order
# of the groups, the order of the rules and the punctuation must stay exactly
# as they are (confirm against the caller).
#
# Access modes used below:
#   ixr  read, plus execute while staying confined by the current profile
#   mr   read, plus mapping the file executable (shared objects)
#   r    read only
#   x    execute, with no transition qualifier
#
# NOTE(review): the `x .../foo/**` rule names a directory that is not a
# conventional package location; it looks like a marker rule supplied by the
# test. An unqualified `x` is normally accepted by the AppArmor parser only
# in deny rules, so confirm this text is compared, not loaded as policy.
{ pkgs }:
let
  # Store paths covered by the expected policy. List order is the order of
  # the rule groups in the resulting text.
  storePaths = [
    pkgs.bash
    pkgs.glibc
    pkgs.libcap
    pkgs.libcap.lib
    pkgs.libidn2.out
    pkgs.libunistring
    pkgs.glibc.libgcc
  ];

  # The nine expected rules for one store path, in their fixed order.
  rulesFor = root: ''
    ixr ${root}/libexec/**,
    mr ${root}/lib/**.so*,
    mr ${root}/lib64/**.so*,
    mr ${root}/share/**,
    r ${root},
    r ${root}/etc/**,
    r ${root}/lib/**,
    r ${root}/lib64/**,
    x ${root}/foo/**,
  '';
in
# Each group already ends in a newline, so the groups are joined with no
# separator.
builtins.concatStringsSep "" (map rulesFor storePaths)