From 01b589a7f89d204518ebfc09e07d6161e7739617 Mon Sep 17 00:00:00 2001
From: r-vdp
Date: Thu, 8 May 2025 12:32:46 +0200
Subject: [PATCH] systemd-initrd: add test to ensure that the permissions on the systemd generators are correct
---
 nixos/tests/systemd-initrd-simple.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/nixos/tests/systemd-initrd-simple.nix b/nixos/tests/systemd-initrd-simple.nix
index 7a379404bbc2..646eb9e0ac2c 100644
--- a/nixos/tests/systemd-initrd-simple.nix
+++ b/nixos/tests/systemd-initrd-simple.nix
@@ -50,6 +50,9 @@ import ./make-test-python.nix (
 newAvail = machine.succeed("df --output=avail / | sed 1d")
 assert int(oldAvail) < int(newAvail), "File system did not grow"
+
+ with subtest("no warnings from systemd about write permissions"):
+ machine.fail("journalctl -b 0 | grep 'is marked world-writable, which is a security risk as it is executed with privileges'")
 ''; 
 }
 )
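Review bot: The new `machine.fail("journalctl -b 0 | grep …")` check can pass vacuously, because the pipeline's exit status is grep's: if `journalctl` errors out or returns nothing, grep matches nothing and the subtest reports success even though no log was inspected. It also matches the full warning sentence verbatim, so a reworded systemd message would silently disable this regression check for world-writable generator paths. Consider reading the journal with a call that must succeed and asserting in Python on a shorter substring, e.g. `journal = machine.succeed("journalctl -b 0")` followed by `assert "is marked world-writable" not in journal, "systemd warned about world-writable paths"`. A short comment naming the systemd warning this guards against would help the next reader; the enclosing test script string starts outside this hunk.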