diff options
| author | Tim Steinbach <tim@nequissimus.com> | 2020-10-05 09:07:21 -0400 |
|---|---|---|
| committer | Tim Steinbach <tim@nequissimus.com> | 2020-10-05 09:07:21 -0400 |
| commit | 03197f94ce2d4b0feb673840d30f602e93357040 (patch) | |
| tree | 1d37bfa42719a7d1780a7a11d3369aa058b827a0 /nixos/tests/hardened.nix | |
| parent | dedd67610abaf200798e445bdc8356bfbac7ebd6 (diff) | |
tests/hardened: Fix usage with 5.8
Linux >= 5.8 improved /proc mount options. `hidepid=2` is now
displayed as `hidepid=invisible`
Diffstat (limited to 'nixos/tests/hardened.nix')
| -rw-r--r-- | nixos/tests/hardened.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index 8d845de70e24..ab5fa609e072 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -67,7 +67,10 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : { # Test hidepid with subtest("hidepid=2 option is applied and works"): - machine.succeed("grep -Fq hidepid=2 /proc/mounts") + # Linux >= 5.8 shows "invisible" + machine.succeed( + "grep -Fq hidepid=2 /proc/mounts || grep -Fq hidepid=invisible /proc/mounts" + ) # cannot use pgrep -u here, it segfaults when access to process info is denied machine.succeed("[ `su - sybil -c 'ps --no-headers --user root | wc -l'` = 0 ]") machine.succeed("[ `su - alice -c 'ps --no-headers --user root | wc -l'` != 0 ]") |