nixos/tests/chromium: Improve sandbox checking.

We no longer need have "SUID sandbox" enabled in the chrome://sandbox status page and we now also check for "You are adequately sandboxed." to be absolutely sure that we're running with proper sandboxing. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-02 10:51:52 +02:00 · 2015-07-02 10:51:52 +02:00 · 9bc2f77daa
commit 9bc2f77daa
parent 7e6d6e034d
1 changed files with 3 additions and 2 deletions
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@ -157,10 +157,11 @@ import ./make-test.nix (

          my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
          die "sandbox not working properly: $clipboard"
-          unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
+          unless $clipboard =~ /namespace sandbox.*yes/mi
              && $clipboard =~ /pid namespaces.*yes/mi
              && $clipboard =~ /network namespaces.*yes/mi
-              && $clipboard =~ /seccomp.*sandbox.*yes/mi;
+              && $clipboard =~ /seccomp.*sandbox.*yes/mi
+              && $clipboard =~ /you are adequately sandboxed/mi;
        };
      };
    }