pyrox.dev / nixpkgs
lol
fork atom

nixos/tests/opensnitch: assert ebpf modules are loaded successfully

Grimmauld 584d4e41 53b59eee

options
unified split
Changed files
+18 -7
nixos
tests
opensnitch.nix
+18 -7
nixos/tests/opensnitch.nix 
···

       
71

       
 

       
    server.wait_for_unit("caddy.service")


     

       
72

       
 

       
    server.wait_for_open_port(80)


     

       
73

       
 

       
  ''


     

       
74

       
-

       
  + lib.concatLines (


     

       
75

       
-

       
    map (m: ''


     

       
76

       
-

       
      client_blocked_${m}.wait_for_unit("opensnitchd.service")


     

       
77

       
-

       
      client_blocked_${m}.fail("curl http://server")


     

       

       

       
     

       
78

       
 

       



     

       
79

       
-

       
      client_allowed_${m}.wait_for_unit("opensnitchd.service")


     

       
80

       
-

       
      client_allowed_${m}.succeed("curl http://server")


     

       
81

       
-

       
    '') monitorMethods


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
82

       
 

       
  );


     

       
83

       
 

       
}


     
···

       
71

       
 

       
    server.wait_for_unit("caddy.service")


     

       
72

       
 

       
    server.wait_for_open_port(80)


     

       
73

       
 

       
  ''


     

       
74

       
+

       
  + (


     

       
75

       
+

       
    lib.concatLines (


     

       
76

       
+

       
      map (m: ''


     

       
77

       
+

       
        client_blocked_${m}.wait_for_unit("opensnitchd.service")


     

       
78

       
+

       
        client_blocked_${m}.fail("curl http://server")


     

       
79

       
 

       



     

       
80

       
+

       
        client_allowed_${m}.wait_for_unit("opensnitchd.service")


     

       
81

       
+

       
        client_allowed_${m}.succeed("curl http://server")


     

       
82

       
+

       
      '') monitorMethods


     

       
83

       
+

       
    )


     

       
84

       
+

       
    + ''


     

       
85

       
+

       
      # make sure the kernel modules were actually properly loaded


     

       
86

       
+

       
      client_blocked_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch\.o'")


     

       
87

       
+

       
      client_blocked_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch-procs\.o'")


     

       
88

       
+

       
      client_blocked_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch-dns\.o'")


     

       
89

       
+

       
      client_allowed_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch\.o'")


     

       
90

       
+

       
      client_allowed_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch-procs\.o'")


     

       
91

       
+

       
      client_allowed_ebpf.succeed(r"journalctl -u opensnitchd --grep '\[eBPF\] module loaded: /nix/store/.*/etc/opensnitchd/opensnitch-dns\.o'")


     

       
92

       
+

       
    ''


     

       
93

       
 

       
  );


     

       
94

       
 

       
}