adea821d87
The fix for the Darwin vulnerability in ecdbc3b207
also broke setting `__sandboxProfile` when `sandbox=relaxed` or
`sandbox=false`. This cppnix change fixes `sandbox=relaxed` and
adds a suitable test.
Co-Authored-By: Artemis Tosini <lix@artem.ist>
Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
Change-Id: I40190f44f3e1d61846df1c7b89677c20a1488522
23 lines
494 B
Bash
23 lines
494 B
Bash
source common.sh
|
|
|
|
if [[ $(uname) != Darwin ]]; then skipTest "Need Darwin"; fi
|
|
|
|
DEST_FILE="${TEST_ROOT}/foo"
|
|
|
|
testSandboxProfile () (
|
|
set -e
|
|
|
|
sandboxMode="$1"
|
|
|
|
rm -f "${DEST_FILE}"
|
|
nix-build --no-out-link ./extra-sandbox-profile.nix \
|
|
--option sandbox "$sandboxMode" \
|
|
--argstr seed "$RANDOM" \
|
|
--argstr destFile "${DEST_FILE}"
|
|
|
|
ls -l "${DEST_FILE}"
|
|
)
|
|
|
|
testSandboxProfile "false"
|
|
expectStderr 2 testSandboxProfile "true"
|
|
testSandboxProfile "relaxed"
|