nixos/tests/incus: add AppArmor test

Currently limit the test scope to instanceContainer since there is a known issue. allTests might cause too many false positives.
NixOS · Mar 3, 2025 · e1778e6 · e1778e6
1 parent c223a09
commit e1778e6
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/nixos/tests/incus/default.nix b/nixos/tests/incus/default.nix
@@ -46,4 +46,10 @@ in
     inherit lts pkgs system;
     storageZfs = true;
   };
+
+  appArmor = incusTest {
+    inherit lts pkgs system;
+    appArmor = true;
+    instanceContainer = true;
+  };
 }
diff --git a/nixos/tests/incus/incus-tests.nix b/nixos/tests/incus/incus-tests.nix
@@ -4,6 +4,7 @@ import ../make-test-python.nix (
     lib,
 
     lts ? true,
+    appArmor ? false,
 
     allTests ? false,
 
@@ -139,6 +140,11 @@ import ../make-test-python.nix (
       networking.hostId = "01234567";
       networking.firewall.trustedInterfaces = [ "incusbr0" ];
 
+      security = {
+        apparmor.enable = appArmor;
+        dbus.apparmor = lib.optionalString appArmor "enabled";
+      };
+
       services.lvm = {
         boot.thin.enable = storageLvm;
         dmeventd.enable = storageLvm;