Unverified Commit 9de4cadd authored by aszlig's avatar aszlig
Browse files

nixos/tests/chromium: Check new userns sandbox. 

Since Chromium version 42, we have a new user namespaces sandbox in the
upstream project. It's more integrated so the chrome://sandbox

 page
reports it as "Namespace Sandbox" instead of SUID sandbox, which we were
re-using (or abusing?) in our patch.

So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes",
it's fine on our side.

Signed-off-by: default avataraszlig <aszlig@redmoonstudios.org>
parent c92dbffe

nixos/tests/chromium.nix

+1 −1
Original line number Diff line number Diff line
@@ -154,7 +154,7 @@ import ./make-test.nix ( 


          my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");

          die "sandbox not working properly: $clipboard"

          unless $clipboard =~ /suid sandbox.*yes/mi

          unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi

              && $clipboard =~ /pid namespaces.*yes/mi

              && $clipboard =~ /network namespaces.*yes/mi

              && $clipboard =~ /seccomp.*sandbox.*yes/mi;