1
-
import ./make-test-python.nix ({ pkgs, lib, ... } : {
3
-
meta.maintainers = with lib.maintainers; [ julm grimmauld ];
1
+
import ./make-test-python.nix (
5
+
meta.maintainers = with lib.maintainers; [
6
-
{ lib, pkgs, config, ... }:
8
-
security.apparmor.enable = lib.mkDefault true;
18
+
security.apparmor.enable = lib.mkDefault true;
machine.wait_for_unit("multi-user.target")
with subtest("AppArmor profiles are loaded"):
···
with subtest("apparmorRulesFromClosure"):
"${pkgs.diffutils}/bin/diff -u ${pkgs.writeText "expected.rules" ''
31
-
mr ${pkgs.bash}/lib/**.so*,
33
-
r ${pkgs.bash}/etc/**,
34
-
r ${pkgs.bash}/lib/**,
35
-
r ${pkgs.bash}/share/**,
36
-
x ${pkgs.bash}/foo/**,
37
-
mr ${pkgs.glibc}/lib/**.so*,
39
-
r ${pkgs.glibc}/etc/**,
40
-
r ${pkgs.glibc}/lib/**,
41
-
r ${pkgs.glibc}/share/**,
42
-
x ${pkgs.glibc}/foo/**,
43
-
mr ${pkgs.libcap}/lib/**.so*,
45
-
r ${pkgs.libcap}/etc/**,
46
-
r ${pkgs.libcap}/lib/**,
47
-
r ${pkgs.libcap}/share/**,
48
-
x ${pkgs.libcap}/foo/**,
49
-
mr ${pkgs.libcap.lib}/lib/**.so*,
50
-
r ${pkgs.libcap.lib},
51
-
r ${pkgs.libcap.lib}/etc/**,
52
-
r ${pkgs.libcap.lib}/lib/**,
53
-
r ${pkgs.libcap.lib}/share/**,
54
-
x ${pkgs.libcap.lib}/foo/**,
55
-
mr ${pkgs.libidn2.out}/lib/**.so*,
56
-
r ${pkgs.libidn2.out},
57
-
r ${pkgs.libidn2.out}/etc/**,
58
-
r ${pkgs.libidn2.out}/lib/**,
59
-
r ${pkgs.libidn2.out}/share/**,
60
-
x ${pkgs.libidn2.out}/foo/**,
61
-
mr ${pkgs.libunistring}/lib/**.so*,
62
-
r ${pkgs.libunistring},
63
-
r ${pkgs.libunistring}/etc/**,
64
-
r ${pkgs.libunistring}/lib/**,
65
-
r ${pkgs.libunistring}/share/**,
66
-
x ${pkgs.libunistring}/foo/**,
67
-
mr ${pkgs.glibc.libgcc}/lib/**.so*,
68
-
r ${pkgs.glibc.libgcc},
69
-
r ${pkgs.glibc.libgcc}/etc/**,
70
-
r ${pkgs.glibc.libgcc}/lib/**,
71
-
r ${pkgs.glibc.libgcc}/share/**,
72
-
x ${pkgs.glibc.libgcc}/foo/**,
73
-
''} ${pkgs.runCommand "actual.rules" { preferLocalBuild = true; } ''
40
+
mr ${pkgs.bash}/lib/**.so*,
42
+
r ${pkgs.bash}/etc/**,
43
+
r ${pkgs.bash}/lib/**,
44
+
r ${pkgs.bash}/share/**,
45
+
x ${pkgs.bash}/foo/**,
46
+
mr ${pkgs.glibc}/lib/**.so*,
48
+
r ${pkgs.glibc}/etc/**,
49
+
r ${pkgs.glibc}/lib/**,
50
+
r ${pkgs.glibc}/share/**,
51
+
x ${pkgs.glibc}/foo/**,
52
+
mr ${pkgs.libcap}/lib/**.so*,
54
+
r ${pkgs.libcap}/etc/**,
55
+
r ${pkgs.libcap}/lib/**,
56
+
r ${pkgs.libcap}/share/**,
57
+
x ${pkgs.libcap}/foo/**,
58
+
mr ${pkgs.libcap.lib}/lib/**.so*,
59
+
r ${pkgs.libcap.lib},
60
+
r ${pkgs.libcap.lib}/etc/**,
61
+
r ${pkgs.libcap.lib}/lib/**,
62
+
r ${pkgs.libcap.lib}/share/**,
63
+
x ${pkgs.libcap.lib}/foo/**,
64
+
mr ${pkgs.libidn2.out}/lib/**.so*,
65
+
r ${pkgs.libidn2.out},
66
+
r ${pkgs.libidn2.out}/etc/**,
67
+
r ${pkgs.libidn2.out}/lib/**,
68
+
r ${pkgs.libidn2.out}/share/**,
69
+
x ${pkgs.libidn2.out}/foo/**,
70
+
mr ${pkgs.libunistring}/lib/**.so*,
71
+
r ${pkgs.libunistring},
72
+
r ${pkgs.libunistring}/etc/**,
73
+
r ${pkgs.libunistring}/lib/**,
74
+
r ${pkgs.libunistring}/share/**,
75
+
x ${pkgs.libunistring}/foo/**,
76
+
mr ${pkgs.glibc.libgcc}/lib/**.so*,
77
+
r ${pkgs.glibc.libgcc},
78
+
r ${pkgs.glibc.libgcc}/etc/**,
79
+
r ${pkgs.glibc.libgcc}/lib/**,
80
+
r ${pkgs.glibc.libgcc}/share/**,
81
+
x ${pkgs.glibc.libgcc}/foo/**,
83
+
pkgs.runCommand "actual.rules" { preferLocalBuild = true; } ''
${pkgs.gnused}/bin/sed -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${
75
-
pkgs.apparmorRulesFromClosure {
77
-
additionalRules = ["x $path/foo/**"];
85
+
pkgs.apparmorRulesFromClosure {
87
+
additionalRules = [ "x $path/foo/**" ];
${pkgs.coreutils}/bin/sort -n -k1 |
${pkgs.gnused}/bin/sed -e 's:^[^ ]* ::' >$out