nixos/locate: Exclude fuse.sshfs

The "fuse" and "sshfs" entries already present are not keeping this find invocation out of sshfs mounts, which present as fstype "fuse.sshfs"
author: Scott Worley <scottworley@scottworley.com> 2020-11-22 21:57:00 -0800
committer: Chuck <chuck@intelligence.org> 2020-12-10 12:59:13 -0800
commit: 86f0dc221f7a0291e87d3b311393a018a92cfbda (patch)
tree: bb167ceed0a6513de90f5ece9e1ec9c5ff84bdf8 /nixos
parent: e0e08a186dbec9ccaaace0c0b939e901c3893aa7 (diff)
2 files changed, 42 insertions, 0 deletions
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 411f5e05835e..426281c94129 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -98,6 +98,7 @@ in {
         "ftpfs"
         "fuse"
         "fusectl"
+        "fuse.sshfs"
         "gfs"
         "gfs2"
         "hostfs"
diff --git a/nixos/tests/locate.nix b/nixos/tests/locate.nix
index d351410be307..8818607f955e 100644
--- a/nixos/tests/locate.nix
+++ b/nixos/tests/locate.nix
@@ -6,16 +6,57 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
 
     nodes = rec {
       a = {
+        environment.systemPackages = with pkgs; [ sshfs ];
+        fileSystems = lib.mkVMOverride {
+          "/ssh" = {
+            device = "alice@b:/";
+            fsType = "fuse.sshfs";
+            options = [
+              "allow_other"
+              "IdentityFile=/privkey"
+              "noauto"
+              "StrictHostKeyChecking=no"
+              "UserKnownHostsFile=/dev/null"
+            ];
+          };
+        };
         services.locate = {
           enable = true;
           interval = "*:*:0/5";
         };
       };
+      b = {
+        services.openssh.enable = true;
+        users.users.alice = {
+          isNormalUser = true;
+          openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
+        };
+      };
     };
 
     testScript = ''
+      start_all()
+
+      # Set up sshfs mount
+      a.succeed(
+          "(umask 077; cat ${snakeOilPrivateKey} > /privkey)"
+      )
+      b.succeed("touch /file-on-b-machine")
+      b.wait_for_open_port(22)
+      a.succeed("mkdir /ssh")
+      a.succeed("mount /ssh")
+
+      # Core locatedb functionality
       a.succeed("touch /file-on-a-machine-1")
       a.wait_for_file("/var/cache/locatedb")
       a.wait_until_succeeds("locate file-on-a-machine-1")
+
+      # Wait for a second update to make sure we're using a locatedb from a run
+      # that began after the sshfs mount
+      a.succeed("touch /file-on-a-machine-2")
+      a.wait_until_succeeds("locate file-on-a-machine-2")
+
+      # We shouldn't be able to see files on the other machine
+      a.fail("locate file-on-b-machine")
     '';
   })
author	Scott Worley <scottworley@scottworley.com>	2020-11-22 21:57:00 -0800
committer	Chuck <chuck@intelligence.org>	2020-12-10 12:59:13 -0800
commit	86f0dc221f7a0291e87d3b311393a018a92cfbda (patch)
tree	bb167ceed0a6513de90f5ece9e1ec9c5ff84bdf8 /nixos
parent	e0e08a186dbec9ccaaace0c0b939e901c3893aa7 (diff)