greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tests: add dbus-hardening and hideProcessInformation

Browse Source
This commit is contained in:
nixbitcoin 2020-07-27 18:08:38 +00:00
parent 0248e6493f
commit 6a8e29e016
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
test/scenarios/default.py
View File

@ -51,6 +51,13 @@ assert_matches("curl -L localhost/store", "tshirt")
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
assert_no_failure("bitcoind-import-banlist")
# test that `systemctl status` can't leak credentials
assert_matches(
"sudo -u electrs systemctl status clightning 2>&1 >/dev/null",
"Failed to dump process list for 'clightning.service', ignoring: Access denied",
)
machine.succeed("grep -Fq hidepid=2 /proc/mounts")
### Additional tests
# Current time in µs

7
test/scenarios/withnetns.py
View File

@ -113,6 +113,13 @@ assert_matches_exactly(
# test that netns-exec can not be executed by users that are not operator
machine.fail("sudo -u clightning netns-exec nb-bitcoind ip a")
# test that `systemctl status` can't leak credentials
assert_matches(
"sudo -u electrs systemctl status clightning 2>&1 >/dev/null",
"Failed to dump process list for 'clightning.service', ignoring: Access denied",
)
machine.succeed("grep -Fq hidepid=2 /proc/mounts")
### Additional tests
# Current time in µs