nixos/tests/chromium: Check new userns sandbox.
Since Chromium version 42, we have a new user namespaces sandbox in the upstream project. It's more integrated so the chrome://sandbox page reports it as "Namespace Sandbox" instead of SUID sandbox, which we were re-using (or abusing?) in our patch. So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes", it's fine on our side. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig
parent
c92dbffeac
commit
9de4caddc1
|
|
@ -154,7 +154,7 @@ import ./make-test.nix (
|
|||
|
||||
my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
|
||||
die "sandbox not working properly: $clipboard"
|
||||
unless $clipboard =~ /suid sandbox.*yes/mi
|
||||
unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
|
||||
&& $clipboard =~ /pid namespaces.*yes/mi
|
||||
&& $clipboard =~ /network namespaces.*yes/mi
|
||||
&& $clipboard =~ /seccomp.*sandbox.*yes/mi;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user