Enable sandboxing by default

Closes #179.
author: Eelco Dolstra <edolstra@gmail.com> 2018-11-07 17:08:28 +0100
committer: Eelco Dolstra <edolstra@gmail.com> 2018-11-07 17:08:28 +0100
commit: 812e39313c2bcf8909b83e1e8bc548a85dcd626c (patch)
tree: 74e4b7bffd4db2e6fd3063d8e05da5af7e643610 /tests
parent: 5a3f140856185ae0c6ee9270ad5d5fbc0505e3f2 (diff)
2 files changed, 7 insertions, 9 deletions
diff --git a/tests/common.sh.in b/tests/common.sh.in
index 2ee2f589d..6a523ca9d 100644
--- a/tests/common.sh.in
+++ b/tests/common.sh.in
@@ -85,16 +85,13 @@ killDaemon() {
     trap "" EXIT
 }
 
-canUseSandbox() {
-    if [[ $(uname) != Linux ]]; then return 1; fi
-
-    if [ ! -L /proc/self/ns/user ]; then
-        echo "Kernel doesn't support user namespaces, skipping this test..."
-        return 1
-    fi
+if [[ $(uname) == Linux ]] && [[ -L /proc/self/ns/user ]] && unshare --user true; then
+    _canUseSandbox=1
+fi
 
-    if ! unshare --user true ; then
-        echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
+canUseSandbox() {
+    if [[ ! $_canUseSandbox ]]; then
+        echo "Sandboxing not supported, skipping this test..."
         return 1
     fi
 
diff --git a/tests/init.sh b/tests/init.sh
index e5353598b..19a12c1e2 100644
--- a/tests/init.sh
+++ b/tests/init.sh
@@ -16,6 +16,7 @@ mkdir "$NIX_CONF_DIR"
 cat > "$NIX_CONF_DIR"/nix.conf <<EOF
 build-users-group =
 keep-derivations = false
+sandbox = false
 include nix.conf.extra
 EOF
author	Eelco Dolstra <edolstra@gmail.com>	2018-11-07 17:08:28 +0100
committer	Eelco Dolstra <edolstra@gmail.com>	2018-11-07 17:08:28 +0100
commit	812e39313c2bcf8909b83e1e8bc548a85dcd626c (patch)
tree	74e4b7bffd4db2e6fd3063d8e05da5af7e643610 /tests
parent	5a3f140856185ae0c6ee9270ad5d5fbc0505e3f2 (diff)