security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 30 Wiki Activity

nix: test syscall filter
All checks were successful
Test / Create distribution (push) Successful in 1m30s
Details
Test / Run NixOS test (push) Successful in 4m17s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-02-13 22:01:16 +09:00
parent 58eb8f971d
commit 318df0f7e1
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
test.nix
View File

@ -147,6 +147,18 @@ nixosTest {
pulse = false; pulse = false;
}; };
} }
{
name = "strace-failure";
verbose = true;
share = pkgs.strace;
command = "strace true";
capability = {
wayland = false;
x11 = false;
dbus = false;
pulse = false;
};
}
]; ];
}; };
@ -310,6 +322,9 @@ nixosTest {
machine.send_chars("exit\n") machine.send_chars("exit\n")
machine.wait_until_fails("pgrep alacritty") machine.wait_until_fails("pgrep alacritty")
# Test syscall filter:
print(machine.fail("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 strace-failure"))
# Exit Sway and verify process exit status 0: # Exit Sway and verify process exit status 0:
swaymsg("exit", succeed=False) swaymsg("exit", succeed=False)
machine.wait_until_fails("pgrep -x sway") machine.wait_until_fails("pgrep -x sway")