talos/pkg/machinery/kernel/kernel_test.go
Andrey Smirnov b95912e049
feat: enforce proc_mem.force_override=never by default
Note: this is Talos 1.13 only, and will only be enabled once we get to
release v1.13.0-alpha.0.

See https://github.com/siderolabs/pkgs/pull/1412#issuecomment-3665787378
for more details.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
2025-12-18 15:43:21 +04:00


// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package kernel_test
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/siderolabs/talos/pkg/machinery/imager/quirks"
"github.com/siderolabs/talos/pkg/machinery/kernel"
)
// TestParamPath checks that Param.Path maps a dotted parameter key onto the
// corresponding sysfs or sysctl file path. The table also covers keys that mix
// '.' and '/' separators (VLAN-style interface names such as eth0.103) and a
// key whose separator run would otherwise yield a '..' path component; the
// expected path for that case shows the offending component being dropped
// rather than allowing a traversal.
func TestParamPath(t *testing.T) {
	t.Parallel()

	type pathCase struct {
		label string
		key   string
		want  string
	}

	cases := []pathCase{
		{
			label: "Test Sysfs Path",
			key:   kernel.Sysfs + ".block.sda.queue.scheduler",
			want:  "/sys/block/sda/queue/scheduler",
		},
		{
			label: "Test Sysctl Path",
			key:   kernel.Sysctl + ".net.ipv6.conf.eth0.accept_ra",
			want:  "/proc/sys/net/ipv6/conf/eth0/accept_ra",
		},
		{
			label: "Test Sysctl Path with vlan interface untouched",
			key:   kernel.Sysctl + ".net/ipv6/conf/eth0.103/disable_ipv6",
			want:  "/proc/sys/net/ipv6/conf/eth0.103/disable_ipv6",
		},
		{
			label: "Test Sysctl Path with vlan interface inverted",
			key:   kernel.Sysctl + ".net.ipv6.conf.eth0/103.disable_ipv6",
			want:  "/proc/sys/net/ipv6/conf/eth0.103/disable_ipv6",
		},
		{
			label: "Test Sysctl Path with invalid symbols which translate to '..'",
			key:   kernel.Sysctl + ".net.ipv6.conf.eth0/103.//.disable_ipv6",
			want:  "/proc/sys/net/ipv6/conf/disable_ipv6",
		},
	}

	for _, tc := range cases {
		t.Run(tc.label, func(t *testing.T) {
			t.Parallel()

			// Build the Param inside the subtest so each case owns its value.
			p := &kernel.Param{Key: tc.key}

			got := p.Path()
			if got == tc.want {
				return
			}

			t.Errorf("Param.Path() = %v, want %v", got, tc.want)
		})
	}
}
// TestDefaultKernelArgs pins the kernel command-line arguments that
// kernel.DefaultArgs produces for several Talos versions, as selected through
// quirks. The "latest" case passes the zero-value quirks.Quirks. The table
// documents which arguments are version-gated: the ima_* arguments appear only
// for v1.9, selinux=1 and module.sig_enforce=1 for v1.12 and later, and
// proc_mem.force_override=never for v1.13 and later (and for "latest").
func TestDefaultKernelArgs(t *testing.T) {
	t.Parallel()

	// Arguments present in every case of the table.
	common := []string{
		"init_on_alloc=1",
		"slab_nomerge=",
		"pti=on",
		"consoleblank=0",
		"nvme_core.io_timeout=4294967295",
		"printk.devkmsg=on",
	}

	// withCommon returns a fresh slice holding the common arguments followed
	// by extra, so no two cases share a backing array.
	withCommon := func(extra ...string) []string {
		out := make([]string, 0, len(common)+len(extra))
		out = append(out, common...)

		return append(out, extra...)
	}

	cases := []struct {
		label    string
		q        quirks.Quirks
		expected []string
	}{
		{
			label: "latest",
			expected: withCommon(
				"selinux=1",
				"module.sig_enforce=1",
				"proc_mem.force_override=never",
			),
		},
		{
			label: "v1.9",
			q:     quirks.New("v1.9.0"),
			expected: withCommon(
				"ima_template=ima-ng",
				"ima_appraise=fix",
				"ima_hash=sha512",
			),
		},
		{
			label: "v1.12",
			q:     quirks.New("v1.12.0"),
			expected: withCommon(
				"selinux=1",
				"module.sig_enforce=1",
			),
		},
		{
			label: "v1.13",
			q:     quirks.New("v1.13.0"),
			expected: withCommon(
				"selinux=1",
				"module.sig_enforce=1",
				"proc_mem.force_override=never",
			),
		},
	}

	for _, tc := range cases {
		t.Run(tc.label, func(t *testing.T) {
			t.Parallel()

			got := kernel.DefaultArgs(tc.q)
			assert.Equal(t, tc.expected, got)
		})
	}
}
// TestSecureBootArgs pins the kernel command-line arguments that
// kernel.SecureBootArgs returns. Only the zero-value quirks.Quirks ("latest")
// is exercised; its single expected argument is "lockdown=confidentiality".
func TestSecureBootArgs(t *testing.T) {
	t.Parallel()

	type sbCase struct {
		label    string
		q        quirks.Quirks
		expected []string
	}

	cases := []sbCase{
		{
			label:    "latest",
			expected: []string{"lockdown=confidentiality"},
		},
	}

	for _, tc := range cases {
		t.Run(tc.label, func(t *testing.T) {
			t.Parallel()

			got := kernel.SecureBootArgs(tc.q)
			assert.Equal(t, tc.expected, got)
		})
	}
}