# NixOS VM test for the project's `lib.serviceFilePerms` helper.
#
# A directory is created with deliberately wrong ownership and mode, the
# service the helper was attached to is started, and the test then checks that
# the directory carries the owner, group and mode named in the rule.
#
# NOTE(review): the assertions run after `systemctl start` has returned, so
# they show that the permissions end up correct, not that they were corrected
# before test-service's own ExecStart ran. If the helper is meant to guarantee
# that ordering (the service never running against stale ownership), that
# needs a separate check -- confirm against lib.serviceFilePerms.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Package set extended with the repository's overlays; the test runner
  # below is taken from this set rather than from the plain `pkgs`.
  overlaidPkgs = pkgs.appendOverlays [ (import ../modules/overlays.nix) ];
in
overlaidPkgs.testers.runNixOSTest {
  # NOTE(review): the name contains a space. Test names presumably end up in
  # derivation names, where Nix restricts the allowed characters -- confirm
  # this evaluates as intended.
  name = "file-perms test";

  nodes = {
    machine =
      { pkgs, ... }:
      {
        imports = [
          # Rule fields: type `Z`, path, mode 0750, user nobody, group nogroup.
          # NOTE(review): `Z` is the recursive variant in tmpfiles.d(5); the
          # directory the test creates is empty, so recursion into existing
          # contents is not exercised. The path sits under world-writable
          # /tmp, which is acceptable in a throwaway test VM; a recursive
          # ownership change elsewhere should target a directory whose
          # parents are not writable by unprivileged users.
          (lib.serviceFilePerms "test-service" [ "Z /tmp/test-perms-dir 0750 nobody nogroup" ])
        ];

        # Placeholder unit: bash is started without arguments, and
        # RemainAfterExit keeps the oneshot unit active once it has exited.
        systemd.services."test-service".serviceConfig = {
          ExecStart = lib.getExe pkgs.bash;
          RemainAfterExit = true;
          Type = "oneshot";
        };
      };
  };

  # Python driver script: set up the wrong state, start the service, then
  # assert on the unit state and on the owner, group and mode of the path.
  testScript = ''
    start_all()
    machine.wait_for_unit("multi-user.target")

    # Create test directory with wrong permissions
    machine.succeed("mkdir -p /tmp/test-perms-dir")
    machine.succeed("chown root:root /tmp/test-perms-dir")
    machine.succeed("chmod 700 /tmp/test-perms-dir")

    # Start service -- this should pull in test-service-file-perms
    machine.succeed("systemctl start test-service")

    # Verify file-perms service ran and is active
    machine.succeed("systemctl is-active test-service-file-perms.service")

    # Verify permissions were fixed by tmpfiles
    result = machine.succeed("stat -c '%U:%G' /tmp/test-perms-dir").strip()
    assert result == "nobody:nogroup", f"Expected nobody:nogroup, got {result}"

    result = machine.succeed("stat -c '%a' /tmp/test-perms-dir").strip()
    assert result == "750", f"Expected 750, got {result}"
  '';
}