nixos/tests/incus: add AppArmor test

Currently limit the test scope to instanceContainer since there is a known issue. allTests might cause too many false positives. initLegacy is also disabled to reduce test size.
NixOS · Mar 11, 2025 · ba91cb1 · ba91cb1
1 parent 980e536
commit ba91cb1
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/nixos/tests/incus/default.nix b/nixos/tests/incus/default.nix
@@ -46,4 +46,11 @@ in
     inherit lts pkgs system;
     storageZfs = true;
   };
+
+  appArmor = incusTest {
+    inherit lts pkgs system;
+    appArmor = true;
+    initLegacy = false;
+    instanceContainer = true;
+  };
 }
diff --git a/nixos/tests/incus/incus-tests.nix b/nixos/tests/incus/incus-tests.nix
@@ -7,6 +7,7 @@ import ../make-test-python.nix (
 
     allTests ? false,
 
+    appArmor ? false,
     featureUser ? allTests,
     initLegacy ? true,
     initSystemd ? true,
@@ -139,6 +140,9 @@ import ../make-test-python.nix (
       networking.hostId = "01234567";
       networking.firewall.trustedInterfaces = [ "incusbr0" ];
 
+      security.apparmor.enable = appArmor;
+      services.dbus.apparmor = (if appArmor then "enabled" else "disabled");
+
       services.lvm = {
         boot.thin.enable = storageLvm;
         dmeventd.enable = storageLvm;