talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/public-inbox: test confinement

Browse Source
This commit is contained in:
Julien Moutinho 2025-01-24 11:27:27 +01:00 committed by Alyssa Ross
parent 69b606d103
commit bbb68bef2e
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/tests/public-inbox.nix
View File

@ -183,6 +183,12 @@ import ./make-test-python.nix (
testScript = '' testScript = ''
start_all() start_all()
# The threshold and/or hardening may have to be changed with new features/checks
with subtest("systemd hardening thresholds"):
print(machine.succeed("systemd-analyze security public-inbox-httpd.service --threshold=5 --no-pager"))
print(machine.succeed("systemd-analyze security public-inbox-imapd.service --threshold=5 --no-pager"))
print(machine.succeed("systemd-analyze security public-inbox-nntpd.service --threshold=4 --no-pager"))
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("public-inbox-init.service") machine.wait_for_unit("public-inbox-init.service")