ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-12-26 21:33:03 +03:00
Code Issues Projects Releases Wiki Activity

nixos/tests/chromium: Check new userns sandbox.

Browse Source 
Since Chromium version 42, we have a new user namespaces sandbox in the
upstream project. It's more integrated so the chrome://sandbox page
reports it as "Namespace Sandbox" instead of SUID sandbox, which we were
re-using (or abusing?) in our patch.

So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes",
it's fine on our side.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2015-02-20 19:01:46 +01:00
parent c92dbffeac
commit 9de4caddc1
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/tests/chromium.nix
View File

@ -154,7 +154,7 @@ import ./make-test.nix (
my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o"); my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
die "sandbox not working properly: $clipboard" die "sandbox not working properly: $clipboard"
unless $clipboard =~ /suid sandbox.*yes/mi unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
&& $clipboard =~ /pid namespaces.*yes/mi && $clipboard =~ /pid namespaces.*yes/mi
&& $clipboard =~ /network namespaces.*yes/mi && $clipboard =~ /network namespaces.*yes/mi
&& $clipboard =~ /seccomp.*sandbox.*yes/mi; && $clipboard =~ /seccomp.*sandbox.*yes/mi;