authoraszlig <aszlig@nix.build>2019-03-23 21:13:38 +0100
committeraszlig <aszlig@nix.build>2019-03-23 21:13:38 +0100
commitd90a7cf68d5cd5b625756ff258f3c99754d6880d (patch)
tree442d45ce791e9d5ca6f184b3a3d42de20f71a9a9 /tests
parent3f2496cd7299bfe54a787cde4aec42b84494a7d6 (diff)
sandbox: Add an option to set up /bin/sh
So far I mostly used this implementation for the games we have packaged,
where we pretty much patch out all commands that execute external
programs.

However in order to be useful in a more generic way, it makes sense to
provide a /bin/sh implementation, especially when you have to deal with
scripting languages.

I'm using dash here, because it's a more minimal implementation than
the default shell (bash) we use in nixpkgs and it practically only
needs to be able to run constructs like "/bin/sh -c foo".

Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'tests')
-rw-r--r--tests/sandbox.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/sandbox.nix b/tests/sandbox.nix
index e92099bf..0a860793 100644
--- a/tests/sandbox.nix
+++ b/tests/sandbox.nix
@@ -37,6 +37,10 @@
           # Should fail because we can't access the host's PATH
           ! echo foo | grep -qF foo
 
+          # No /bin/sh by default
+          test ! -e /bin
+          test ! -e /bin/sh
+
           # Write PID information to files, so that we can later verify whether
           # we were in a PID namespace.
           echo $$ > /home/foo/.cache/xdg/ownpid
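Review bot: The two added checks use `test ! -e`, which follows symlinks, so they also pass when /bin or /bin/sh exists as a dangling symlink; adding `test ! -L /bin` next to `test ! -e /bin` would make the "no /bin by default" assertion strict. The second line, `test ! -e /bin/sh`, can only fail when the first has already failed, so it adds coverage only if a failing `test` does not abort the script. Whether the script runs under errexit is not visible here, since its header lies outside the hunk, and that is worth confirming because a negative isolation check that does not stop the run would let a regression pass silently.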
@@ -105,6 +109,12 @@
         paths.wanted = [ "/home/foo/nonexisting" ];
         paths.runtimeVars = [ "COLLECT_ME" ];
       })
+
+      (pkgs.vuizvui.buildSandbox (pkgs.writeScriptBin "test-sandbox2" ''
+        #!/bin/sh
+        # Another /bin/sh just to be sure :-)
+        /bin/sh -c 'echo /bin/sh works'
+      '') { allowBinSh = true; })
     ];
     users.users.foo.isNormalUser = true;
   };
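Review bot: The new `test-sandbox2` script proves only that /bin/sh executes when `allowBinSh = true`; nothing asserts how much of /bin the option exposes. If the intent is that sh is the only entry, a builtin-only check inside the script such as `test "$(echo /bin/*)" = /bin/sh` would pin that, as the counterpart of the `test ! -e /bin` assertion the default sandbox gets. The comment `# Another /bin/sh just to be sure :-)` would be clearer as `# The shebang already needs /bin/sh; call it explicitly as well`.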
@@ -124,5 +134,7 @@
 
     $machine->succeed('test "$(< /home/foo/.cache/xdg/procpids)" = /proc/1');
     $machine->succeed('test "$(< /home/foo/.cache/xdg/ownpid)" = 1');
+
+    $machine->succeed('test "$(su -c test-sandbox2 foo)" = "/bin/sh works"');
   '';
 }
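Review bot: The added `$machine->succeed('test "$(su -c test-sandbox2 foo)" = "/bin/sh works"')` compares only the captured output, because command substitution discards the exit status of `su` and of the sandboxed script. A wrapper that prints the expected line and then exits non-zero would still pass. Running `su -c test-sandbox2 foo` through `succeed` on its own and comparing the output it returns would check both the status and the text. A short comment such as `# allowBinSh: /bin/sh must be usable inside the sandbox` above the line would also tie it to the option under test.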