diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 857657eea4db..6f5e7d8d456e 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -192,6 +192,7 @@ in security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" '' ${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy { /dev/null rw, + /dev/random r, /dev/urandom r, /etc/passwd r, @@ -211,6 +212,9 @@ in ${getLib pkgs.gcc.cc}/lib/libssp.so.* mr, ${getLib pkgs.libsodium}/lib/libsodium.so.* mr, ${getLib pkgs.systemd}/lib/libsystemd.so.* mr, + ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr, + ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr, + ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr, ${getLib pkgs.xz}/lib/liblzma.so.* mr, ${getLib pkgs.libgcrypt}/lib/libgcrypt.so.* mr, ${getLib pkgs.libgpgerror}/lib/libgpg-error.so.* mr, diff --git a/nixos/tests/dnscrypt-proxy.nix b/nixos/tests/dnscrypt-proxy.nix index 845623368250..1fcf3903b13e 100644 --- a/nixos/tests/dnscrypt-proxy.nix +++ b/nixos/tests/dnscrypt-proxy.nix @@ -26,7 +26,8 @@ import ./make-test.nix ({ pkgs, ... }: { $client->waitForUnit("dnsmasq"); # The daemon is socket activated; sending a single ping should activate it. + $client->fail("systemctl is-active dnscrypt-proxy"); $client->execute("${pkgs.iputils}/bin/ping -c1 example.com"); - $client->succeed("systemctl is-active dnscrypt-proxy"); + $client->waitUntilSucceeds("systemctl is-active dnscrypt-proxy"); ''; })