nixos/tests/boot-stage2: check mount options

The option `boot.nixStoreMountOpts` needs to be tested. Trying to put a SUID/SGID file into the store will fail because of seccomp filters. The best test we can do, without intentionally dropping the seccomp filter here, is to just check `findmnt` and read the mount options in use.
2025-05-12 10:47:58 +02:00 · 2025-05-12 10:47:58 +02:00 · 55f225049e
commit 55f225049e
parent 4e440ec124
1 changed files with 4 additions and 0 deletions
--- a/nixos/tests/boot-stage2.nix
+++ b/nixos/tests/boot-stage2.nix
@ -66,6 +66,10 @@ import ./make-test-python.nix (
      machine.wait_for_unit("multi-user.target")
      machine.succeed("test /etc/post-boot-ran")
      machine.fail("touch /nix/store/should-not-work");
+
+      for opt in ["ro", "nosuid", "nodev"]:
+        with subtest(f"testing store mount option: {opt}"):
+          machine.succeed(f'[[ "$(findmnt --direction backward --first-only --noheadings --output OPTIONS /nix/store)" =~ (^|,){opt}(,|$) ]]')
    '';

    meta.maintainers = with pkgs.lib.maintainers; [ numinit ];