programs: sane-sandbox: implement a cleaner debugshell and test API

modules/programs/make-sandboxed.nix

@@ -109,7 +109,10 @@ let
         # ensuring that every binary has in fact been wrapped.
         _numExec=0
         for b in ${packageWrapped}/bin/*; do
-          PATH="$PATH:${packageWrapped}/bin:${sane-sandboxed}/bin" "$b" --sane-sandbox-method exit0fortest | grep "exiting 0 for test"
+          PATH="$PATH:${packageWrapped}/bin:${sane-sandboxed}/bin" \
+            SANE_SANDBOX_DISABLE=1 \
+            "$b" --sane-sandbox-replace-cli echo "printing for test" \
+            | grep "printing for test"
           _numExec=$(( $_numExec + 1 ))
         done
 

modules/programs/sane-sandboxed

@@ -66,6 +66,12 @@ parseArgs() {
         SANE_SANDBOX_DEBUG=1
         set -x
         ;;
+      (--sane-sandbox-replace-cli)
+        # keep the sandbox flags, but clear any earlier CLI args.
+        # this lets the user do things like `mpv --sane-sandbox-replace-cli sh` to enter a shell
+        # with the sandbox that `mpv` would see.
+        parseArgsExtra=()
+        ;;
       (--sane-sandbox-disable)
         SANE_SANDBOX_DISABLE=1
         ;;
@@ -160,11 +166,6 @@ cliArgs+=("${parseArgsExtra[@]}")
 
 test -n "$SANE_SANDBOX_DISABLE" && exec "${cliArgs[@]}"
 
-test "$method" = "exit0fortest" && echo "exiting 0 for test" && exit 0
-
-# drop into an interactive shell to e.g. inspect the mount space
-test "$method" = "debugshell" && exec sh
-
 ### convert generic args into sandbox-specific args
 # order matters: for firejail, early args override the later --profile args