blob: 9c247da21d3ea4a6849d99c666c213aa6d0dc827 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
{
name = "sandbox";
machine = { pkgs, lib, ... }: {
system.activationScripts.inject-link = ''
ln -svf ${pkgs.hello} /run/foo-test-sandbox
ln -svf ${pkgs.gnused} /run/bar-test-sandbox
ln -svf ${pkgs.gnugrep} /run/baz-test-sandbox
'';
environment.sessionVariables.COLLECT_ME = [
"/run/foo-test-sandbox"
"/run/bar-test-sandbox"
"/run/baz-test-sandbox"
];
environment.systemPackages = let
testProgram = pkgs.writeScriptBin "test-sandbox" ''
#!${pkgs.stdenv.shell} -ex
! echo foo | grep -qF foo
export PATH=/run/baz-test-sandbox/bin
echo foo > /home/foo/existing/bar
test ! -d /home/foo/nonexisting
/run/foo-test-sandbox/bin/hello
echo aaa | /run/bar-test-sandbox/bin/sed -e 's/a/b/g'
'';
in lib.singleton (pkgs.vuizvui.buildSandbox testProgram {
paths.required = [ "/home/foo/existing" ];
paths.wanted = [ "/home/foo/nonexisting" ];
paths.runtimeVars = [ "COLLECT_ME" ];
});
users.users.foo.isNormalUser = true;
};
testScript = ''
$machine->waitForUnit('multi-user.target');
$machine->succeed('su - -c test-sandbox foo >&2');
$machine->succeed('test -d /home/foo/existing');
$machine->succeed('grep -qF foo /home/foo/existing/bar');
$machine->fail('test -d /home/foo/nonexisting');
'';
}
|
