nixos/tests/chromium: Check new userns sandbox.

Since Chromium version 42, we have a new user namespaces sandbox in the
upstream project. It's more integrated so the chrome://sandbox page
reports it as "Namespace Sandbox" instead of SUID sandbox, which we were
re-using (or abusing?) in our patch.

So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes",
it's fine on our side.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 9de4caddc1)
This commit is contained in:
aszlig 2015-02-20 19:01:46 +01:00
parent ba0f957d7b
commit 8a13fb2482
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961

View File

@ -154,7 +154,7 @@ import ./make-test.nix (
my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
die "sandbox not working properly: $clipboard"
unless $clipboard =~ /suid sandbox.*yes/mi
unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
&& $clipboard =~ /pid namespaces.*yes/mi
&& $clipboard =~ /network namespaces.*yes/mi
&& $clipboard =~ /seccomp.*sandbox.*yes/mi;