From 8a13fb248286beb442d4e3440f41cabbe4bf1202 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Fri, 20 Feb 2015 19:01:46 +0100
Subject: [PATCH] nixos/tests/chromium: Check new userns sandbox.

Since Chromium version 42, we have a new user namespaces sandbox in the
upstream project. It's more integrated so the chrome://sandbox page
reports it as "Namespace Sandbox" instead of SUID sandbox, which we were
re-using (or abusing?) in our patch.

So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes",
it's fine on our side.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 9de4caddc19ce97a7f3cb4af9d9e948ae335a02d)
---
 nixos/tests/chromium.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix
index efae0ec40459..368d0e43c465 100644
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@@ -154,7 +154,7 @@ import ./make-test.nix (
 
           my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
           die "sandbox not working properly: $clipboard"
-          unless $clipboard =~ /suid sandbox.*yes/mi
+          unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
               && $clipboard =~ /pid namespaces.*yes/mi
               && $clipboard =~ /network namespaces.*yes/mi
               && $clipboard =~ /seccomp.*sandbox.*yes/mi;