b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/tests: drop latestKernel.hardened

Browse source 
The latest kernel does not guarantee a hardened version anymore,
see ga5341beb for the motivation.
This commit is contained in:
rnhmjoj 2021-09-22 11:06:17 +02:00
parent 88b3c29cf1
commit 1f55c7e022
No known key found for this signature in database
GPG key ID: BFBAF4C975F76450
2 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/tests/all-tests.nix
View file

@ -223,7 +223,6 @@ in
krb5 = discoverTests (import ./krb5 {});
ksm = handleTest ./ksm.nix {};
kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {};
latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; };
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
leaps = handleTest ./leaps.nix {};
libreddit = handleTest ./libreddit.nix {};

4
nixos/tests/hardened.nix
View file

@ -1,4 +1,4 @@
import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
import ./make-test-python.nix ({ pkgs, ... } : {
name = "hardened";
meta = with pkgs.lib.maintainers; {
maintainers = [ joachifm ];
@ -10,8 +10,6 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
boot.kernelPackages =
lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened;
environment.memoryAllocator.provider = "graphene-hardened";
nix.useSandbox = false;
virtualisation.emptyDiskImages = [ 4096 ];