summary refs log tree commit diff
path: root/nixos/tests/systemd-confinement.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tests/systemd-confinement.nix')
-rw-r--r--nixos/tests/systemd-confinement.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/nixos/tests/systemd-confinement.nix b/nixos/tests/systemd-confinement.nix
index 448d34ec30b..63cb074d7ca 100644
--- a/nixos/tests/systemd-confinement.nix
+++ b/nixos/tests/systemd-confinement.nix
@@ -106,6 +106,32 @@ import ./make-test.nix {
           $machine->succeed('test ! -e /tmp/canary');
         '';
       }
+      { description = "check if /bin/sh works";
+        testScript = ''
+          $machine->succeed(
+            'chroot-exec test -e /bin/sh',
+            'test "$(chroot-exec \'/bin/sh -c "echo bar"\')" = bar',
+          );
+        '';
+      }
+      { description = "check if suppressing /bin/sh works";
+        config.confinement.binSh = null;
+        testScript = ''
+          $machine->succeed(
+            'chroot-exec test ! -e /bin/sh',
+            'test "$(chroot-exec \'/bin/sh -c "echo foo"\')" != foo',
+          );
+        '';
+      }
+      { description = "check if we can set /bin/sh to something different";
+        config.confinement.binSh = "${pkgs.hello}/bin/hello";
+        testScript = ''
+          $machine->succeed(
+            'chroot-exec test -e /bin/sh',
+            'test "$(chroot-exec /bin/sh -g foo)" = foo',
+          );
+        '';
+      }
     ];
 
     options.__testSteps = lib.mkOption {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-26 16:04:12 +0000