lix/tests/functional/extra-sandbox-profile.sh
Théophane Hufschmitt adea821d87
libstore: Fix sandbox=relaxed
The fix for the Darwin vulnerability in ecdbc3b207
also broke setting `__sandboxProfile` when `sandbox=relaxed` or
`sandbox=false`. This cppnix change fixes `sandbox=relaxed` and
adds a suitable test.

Co-Authored-By: Artemis Tosini <lix@artem.ist>
Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
Change-Id: I40190f44f3e1d61846df1c7b89677c20a1488522
2024-05-08 19:31:43 +00:00

23 lines
494 B
Bash

source common.sh
if [[ $(uname) != Darwin ]]; then skipTest "Need Darwin"; fi
DEST_FILE="${TEST_ROOT}/foo"
testSandboxProfile () (
set -e
sandboxMode="$1"
rm -f "${DEST_FILE}"
nix-build --no-out-link ./extra-sandbox-profile.nix \
--option sandbox "$sandboxMode" \
--argstr seed "$RANDOM" \
--argstr destFile "${DEST_FILE}"
ls -l "${DEST_FILE}"
)
testSandboxProfile "false"
expectStderr 2 testSandboxProfile "true"
testSandboxProfile "relaxed"