From e1778e6e7f54ef1c370b2384a827fe7551e5cf01 Mon Sep 17 00:00:00 2001
From: MakiseKurisu <MakiseKurisu@users.noreply.github.com>
Date: Mon, 3 Mar 2025 13:01:14 +0800
Subject: [PATCH] nixos/tests/incus: add AppArmor test

Currently limit the test scope to instanceContainer since there is a known issue.
allTests might cause too many false positives.
---
 nixos/tests/incus/default.nix     | 6 ++++++
 nixos/tests/incus/incus-tests.nix | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/nixos/tests/incus/default.nix b/nixos/tests/incus/default.nix
index 1144dd5bd2682e..3e43147fbf37e5 100644
--- a/nixos/tests/incus/default.nix
+++ b/nixos/tests/incus/default.nix
@@ -46,4 +46,10 @@ in
     inherit lts pkgs system;
     storageZfs = true;
   };
+
+  appArmor = incusTest {
+    inherit lts pkgs system;
+    appArmor = true;
+    instanceContainer = true;
+  };
 }
diff --git a/nixos/tests/incus/incus-tests.nix b/nixos/tests/incus/incus-tests.nix
index 1b9b590863e3dd..a9f7308e7d33c6 100644
--- a/nixos/tests/incus/incus-tests.nix
+++ b/nixos/tests/incus/incus-tests.nix
@@ -4,6 +4,7 @@ import ../make-test-python.nix (
     lib,
 
     lts ? true,
+    appArmor ? false,
 
     allTests ? false,
 
@@ -139,6 +140,11 @@ import ../make-test-python.nix (
       networking.hostId = "01234567";
       networking.firewall.trustedInterfaces = [ "incusbr0" ];
 
+      security = {
+        apparmor.enable = appArmor;
+        dbus.apparmor = lib.optionalString appArmor "enabled";
+      };
+
       services.lvm = {
         boot.thin.enable = storageLvm;
         dmeventd.enable = storageLvm;