nixos/tests/isolate.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / isolate.nix
at 25.11-pre 1.5 kB view raw
 1import ./make-test-python.nix (
 2  { lib, ... }:
 3  {
 4    name = "isolate";
 5    meta.maintainers = with lib.maintainers; [ virchau13 ];
 6
 7    nodes.machine =
 8      { ... }:
 9      {
10        security.isolate = {
11          enable = true;
12        };
13      };
14
15    testScript = ''
16      bash_path = machine.succeed('realpath $(which bash)').strip()
17      sleep_path = machine.succeed('realpath $(which sleep)').strip()
18      def sleep_test(walltime, sleeptime):
19          return f'isolate --no-default-dirs --wall-time {walltime} ' + \
20              f'--dir=/box={box_path} --dir=/nix=/nix --run -- ' + \
21              f"{bash_path} -c 'exec -a sleep {sleep_path} {sleeptime}'"
22
23      def sleep_test_cg(walltime, sleeptime):
24          return f'isolate --cg --no-default-dirs --wall-time {walltime} ' + \
25              f'--dir=/box={box_path} --dir=/nix=/nix --processes=2 --run -- ' + \
26              f"{bash_path} -c '( exec -a sleep {sleep_path} {sleeptime} )'"
27
28      with subtest("without cgroups"):
29          box_path = machine.succeed('isolate --init').strip()
30          machine.succeed(sleep_test(1, 0.5))
31          machine.fail(sleep_test(0.5, 1))
32          machine.succeed('isolate --cleanup')
33      with subtest("with cgroups"):
34          box_path = machine.succeed('isolate --cg --init').strip()
35          machine.succeed(sleep_test_cg(1, 0.5))
36          machine.fail(sleep_test_cg(0.5, 1))
37          machine.succeed('isolate --cg --cleanup')
38    '';
39  }
40)