diff options
| author | aszlig <aszlig@redmoonstudios.org> | 2015-07-02 10:51:52 +0200 |
|---|---|---|
| committer | aszlig <aszlig@redmoonstudios.org> | 2015-07-04 02:31:45 +0200 |
| commit | 9bc2f77daa1ba67d7e83e6a163b371b54e7c8506 (patch) | |
| tree | f6164f6b5afb701c1d918ee812d35697fa925777 /nixos | |
| parent | 7e6d6e034db419c0da2743f1aca90e1d50f97135 (diff) | |
| download | nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar.gz nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar.bz2 nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar.lz nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar.xz nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.tar.zst nixpkgs-9bc2f77daa1ba67d7e83e6a163b371b54e7c8506.zip | |
nixos/tests/chromium: Improve sandbox checking.
We no longer need have "SUID sandbox" enabled in the chrome://sandbox status page and we now also check for "You are adequately sandboxed." to be absolutely sure that we're running with proper sandboxing. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/tests/chromium.nix | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index 2241bc9c3bc..6c2302594b9 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -157,10 +157,11 @@ import ./make-test.nix ( my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o"); die "sandbox not working properly: $clipboard" - unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi + unless $clipboard =~ /namespace sandbox.*yes/mi && $clipboard =~ /pid namespaces.*yes/mi && $clipboard =~ /network namespaces.*yes/mi - && $clipboard =~ /seccomp.*sandbox.*yes/mi; + && $clipboard =~ /seccomp.*sandbox.*yes/mi + && $clipboard =~ /you are adequately sandboxed/mi; }; }; } |