diff options
| author | aszlig <aszlig@nix.build> | 2019-03-14 15:26:10 +0100 |
|---|---|---|
| committer | aszlig <aszlig@nix.build> | 2019-03-14 19:14:03 +0100 |
| commit | 0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb (patch) | |
| tree | 65d35c862b0fe671969671f02d1c459dbda871e7 /nixos/tests | |
| parent | ac64ce994509aaad8c5b55254595a5f989ba24e9 (diff) | |
| download | nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar.gz nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar.bz2 nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar.lz nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar.xz nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.tar.zst nixpkgs-0ba48f46dacf1d0771cb1995a9a0ff6c1bd2e4fb.zip | |
nixos/systemd-chroot: Rename chroot to confinement
Quoting @edolstra from [1]: I don't really like the name "chroot", something like "confine[ment]" or "restrict" seems better. Conceptually we're not providing a completely different filesystem tree but a restricted view of the same tree. I already used "confinement" as a sub-option and I do agree that "chroot" sounds a bit too specific (especially because not *only* chroot is involved). So this changes the module name and its option to use "confinement" instead of "chroot" and also renames the "chroot.confinement" to "confinement.mode". [1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-472855704 Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/systemd-confinement.nix (renamed from nixos/tests/systemd-chroot.nix) | 12 |
2 files changed, 7 insertions, 7 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index fe67e245350..70103c4e6da 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -216,7 +216,7 @@ in switchTest = handleTest ./switch-test.nix {}; syncthing-relay = handleTest ./syncthing-relay.nix {}; systemd = handleTest ./systemd.nix {}; - systemd-chroot = handleTest ./systemd-chroot.nix {}; + systemd-confinement = handleTest ./systemd-confinement.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; tomcat = handleTest ./tomcat.nix {}; diff --git a/nixos/tests/systemd-chroot.nix b/nixos/tests/systemd-confinement.nix index 523e1ad9f4d..448d34ec30b 100644 --- a/nixos/tests/systemd-chroot.nix +++ b/nixos/tests/systemd-confinement.nix @@ -1,5 +1,5 @@ import ./make-test.nix { - name = "systemd-chroot"; + name = "systemd-confinement"; machine = { pkgs, lib, ... }: let testServer = pkgs.writeScript "testserver.sh" '' @@ -26,13 +26,13 @@ import ./make-test.nix { }; systemd.services."test${toString num}@" = { - description = "Chrooted Test Service ${toString num}"; - chroot = (config.chroot or {}) // { enable = true; }; + description = "Confined Test Service ${toString num}"; + confinement = (config.confinement or {}) // { enable = true; }; serviceConfig = (config.serviceConfig or {}) // { ExecStart = testServer; StandardInput = "socket"; }; - } // removeAttrs config [ "chroot" "serviceConfig" ]; + } // removeAttrs config [ "confinement" "serviceConfig" ]; __testSteps = lib.mkOrder num '' subtest '${lib.escape ["\\" "'"] description}', sub { @@ -45,7 +45,7 @@ import ./make-test.nix { in { imports = lib.imap1 mkTestStep [ { description = "chroot-only confinement"; - config.chroot.confinement = "chroot-only"; + config.confinement.mode = "chroot-only"; testScript = '' $machine->succeed( 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix', @@ -88,7 +88,7 @@ import ./make-test.nix { } "ln -s \"$target\" \"$out\""; in { description = "check if symlinks are properly bind-mounted"; - config.chroot.packages = lib.singleton symlink; + config.confinement.packages = lib.singleton symlink; testScript = '' $machine->fail('chroot-exec test -e /etc'); $machine->succeed('chroot-exec cat ${symlink} >&2'); |