author | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2019-03-23 21:13:38 +0100 |
commit | d90a7cf68d5cd5b625756ff258f3c99754d6880d (patch) | |
tree | 442d45ce791e9d5ca6f184b3a3d42de20f71a9a9 /tests | |
parent | 3f2496cd7299bfe54a787cde4aec42b84494a7d6 (diff) |
sandbox: Add an option to set up /bin/sh
So far I mostly used this implementation for the games we have packaged, where we pretty much patch out all commands that execute external programs. However, in order to be useful in a more generic way, it makes sense to provide a /bin/sh implementation, especially when you have to deal with scripting languages. I'm using dash here, because it's a more minimal implementation than the default shell (bash) we use in nixpkgs and it practically only needs to be able to run constructs like "/bin/sh -c foo". Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/sandbox.nix | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/sandbox.nix b/tests/sandbox.nix
index e92099bf..0a860793 100644
--- a/tests/sandbox.nix
+++ b/tests/sandbox.nix
@@ -37,6 +37,10 @@
 # Should fail because we can't access the host's PATH
 ! echo foo | grep -qF foo
+ # No /bin/sh by default
+ test ! -e /bin
+ test ! -e /bin/sh
+
 # Write PID information to files, so that we can later verify whether
 # we were in a PID namespace.
 echo $$ > /home/foo/.cache/xdg/ownpid
@@ -105,6 +109,12 @@
 paths.wanted = [ "/home/foo/nonexisting" ];
 paths.runtimeVars = [ "COLLECT_ME" ];
 })
+
+ (pkgs.vuizvui.buildSandbox (pkgs.writeScriptBin "test-sandbox2" ''
+ #!/bin/sh
+ # Another /bin/sh just to be sure :-)
+ /bin/sh -c 'echo /bin/sh works'
+ '') { allowBinSh = true; })
 ];
 users.users.foo.isNormalUser = true;
 };
@@ -124,5 +134,7 @@
 $machine->succeed('test "$(< /home/foo/.cache/xdg/procpids)" = /proc/1');
 $machine->succeed('test "$(< /home/foo/.cache/xdg/ownpid)" = 1');
+
+ $machine->succeed('test "$(su -c test-sandbox2 foo)" = "/bin/sh works"');
 '';
 } |
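Review bot: `test ! -e` follows symlinks, so the two added assertions in the first hunk also pass when `/bin` or `/bin/sh` exists as a dangling symlink, which is weaker than the comment "No /bin/sh by default" claims. The second check is already implied by the first, so it could be replaced with `test ! -L /bin` on its own line (not joined with `&&`, which would hide a failure of the first check under errexit). Whether a failing `test` aborts the script at all depends on errexit being enabled, which is outside the hunk.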
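Review bot: The positive test in the second hunk only proves that `/bin/sh` runs with `allowBinSh = true`; nothing checks that the option exposes just that one binary, so a regression that makes more than the shell visible under `/bin` inside the sandbox would still pass. In the `test-sandbox2` script I would add `test "$(echo /bin/*)" = /bin/sh || exit 1` ahead of the `/bin/sh -c` line, so that the comparison against `"/bin/sh works"` in the third hunk fails when the directory holds anything else. That comparison, `test "$(su -c test-sandbox2 foo)" = …`, discards the exit status of `test-sandbox2`, so the script has to signal failure through missing output. The enclosing list and the test script both begin outside these hunks.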