diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2018-11-24 15:13:03 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2018-11-24 16:06:21 +0100 |
| commit | 6a7f02d89debadceaddd91ea3b9deb059597a927 (patch) | |
| tree | c587793f4e7a80895ce86ba1cc337623a014a27e /nixos/tests/hardened.nix | |
| parent | 62623b60d5fed91ac676d6f4a70a12570090d513 (diff) | |
| download | nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.gz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.bz2 nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.lz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.xz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.zst nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.zip | |
nixos/hardened: restrict access to nix daemon
Diffstat (limited to 'nixos/tests/hardened.nix')
| -rw-r--r-- | nixos/tests/hardened.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix index bc279e489f9..e10a6363164 100644 --- a/nixos/tests/hardened.nix +++ b/nixos/tests/hardened.nix @@ -64,5 +64,11 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->succeed("mount /dev/disk/by-label/EFISYS /efi"); $machine->succeed("mountpoint -q /efi"); # now mounted }; + + # Test Nix dæmon usage + subtest "nix-daemon", sub { + $machine->fail("su -l nobody -s /bin/sh -c 'nix ping-store'"); + $machine->succeed("su -l alice -c 'nix ping-store'") =~ "OK"; + }; ''; }) |