# NixOS VM test for the security.isolate module: boots one machine with the
# module enabled and checks that isolate enforces its wall-time limit, first
# without and then with control groups (--cg).
#
# NOTE(review): only the wall-time limit is asserted here. Nothing in this
# test checks filesystem, network, memory or process-count confinement, so a
# green run says little about the sandbox boundary itself.
import ./make-test-python.nix ({ lib, ... }:
{
  name = "isolate";
  meta.maintainers = with lib.maintainers; [ virchau13 ];

  nodes.machine = { ... }: {
    security.isolate.enable = true;
  };

  testScript = ''
    # Resolve symlinks so the commands below name real files. The sandbox
    # command line binds only the box directory and /nix, so anything it
    # executes has to be reachable through one of those two paths.
    bash_path = machine.succeed('realpath $(which bash)').strip()
    sleep_path = machine.succeed('realpath $(which sleep)').strip()

    # Build an isolate invocation (no cgroups) that sleeps for `sleeptime`
    # seconds under a wall-time limit of `walltime` seconds.
    # box_path is read from module scope at call time, so the calling
    # subtest must have assigned it from `isolate --init` first.
    # `exec -a sleep` sets argv[0] to "sleep"; presumably needed because the
    # resolved path is a multi-call binary that dispatches on argv[0]
    # (TODO confirm).
    def sleep_test(walltime, sleeptime):
        return (
            f'isolate --no-default-dirs --wall-time {walltime} '
            f'--dir=/box={box_path} --dir=/nix=/nix --run -- '
            f"{bash_path} -c 'exec -a sleep {sleep_path} {sleeptime}'"
        )

    # Same as sleep_test, but with control groups enabled. The sleep runs in
    # a subshell here, which is presumably why --processes=2 is passed
    # (TODO confirm). The process limit itself is not asserted anywhere.
    def sleep_test_cg(walltime, sleeptime):
        return (
            f'isolate --cg --no-default-dirs --wall-time {walltime} '
            f'--dir=/box={box_path} --dir=/nix=/nix --processes=2 --run -- '
            f"{bash_path} -c '( exec -a sleep {sleep_path} {sleeptime} )'"
        )

    # NOTE(review): machine.fail() passes on any non-zero exit, so the
    # negative cases below do not by themselves prove that the wall-time
    # limit was what stopped the command. The preceding succeed() with the
    # same command shape is what makes the timeout the likely cause.
    # NOTE(review): the 0.5 s margins may be tight for a VM on a loaded
    # builder; watch for flakiness.
    with subtest("without cgroups"):
        box_path = machine.succeed('isolate --init').strip()
        # Sleep shorter than the limit: must run to completion.
        machine.succeed(sleep_test(1, 0.5))
        # Sleep longer than the limit: isolate must report failure.
        machine.fail(sleep_test(0.5, 1))
        machine.succeed('isolate --cleanup')

    with subtest("with cgroups"):
        box_path = machine.succeed('isolate --cg --init').strip()
        machine.succeed(sleep_test_cg(1, 0.5))
        machine.fail(sleep_test_cg(0.5, 1))
        machine.succeed('isolate --cg --cleanup')
  '';
})