diff options
| author | aszlig <aszlig@redmoonstudios.org> | 2015-02-20 19:01:46 +0100 |
|---|---|---|
| committer | aszlig <aszlig@redmoonstudios.org> | 2015-02-22 07:52:53 +0100 |
| commit | 9de4caddc19ce97a7f3cb4af9d9e948ae335a02d (patch) | |
| tree | b5a04ea13cd62f6fb71d4a30be7a03714716e01a /nixos/tests/chromium.nix | |
| parent | c92dbffeac75afe93c05c1ef216e927f075755c5 (diff) | |
| download | nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar.gz nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar.bz2 nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar.lz nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar.xz nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.tar.zst nixpkgs-9de4caddc19ce97a7f3cb4af9d9e948ae335a02d.zip | |
nixos/tests/chromium: Check new userns sandbox.
Since Chromium version 42, we have a new user namespaces sandbox in the upstream project. It's more integrated so the chrome://sandbox page reports it as "Namespace Sandbox" instead of SUID sandbox, which we were re-using (or abusing?) in our patch. So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes", it's fine on our side. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/tests/chromium.nix')
| -rw-r--r-- | nixos/tests/chromium.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index efae0ec4045..368d0e43c46 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -154,7 +154,7 @@ import ./make-test.nix ( my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o"); die "sandbox not working properly: $clipboard" - unless $clipboard =~ /suid sandbox.*yes/mi + unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi && $clipboard =~ /pid namespaces.*yes/mi && $clipboard =~ /network namespaces.*yes/mi && $clipboard =~ /seccomp.*sandbox.*yes/mi; |