NAME=sandbox disable
FILE=-
CMDS=<<EOF
e cfg.sandbox=true
e cfg.sandbox=false
e cfg.sandbox
EOF
EXPECT=<<EOF
true
EOF
RUN

NAME=sandbox open
FILE=-
CMDS=<<EOF
e cfg.sandbox=true
o~[4]
oc /bin/ls
EOF
EXPECT=<<EOF
malloc://512
EOF
RUN

NAME=sandbox grain default is all
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain
EOF
EXPECT=<<EOF
all
EOF
RUN

NAME=sandbox grain=none blocks exec
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=none
e cfg.sandbox=true
!!echo hello 2>/dev/null
EOF
EXPECT=<<EOF
EOF
RUN

NAME=sandbox grain=exec allows exec
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=exec
e cfg.sandbox=true
!!echo hello
EOF
EXPECT=<<EOF
hello
EOF
RUN

NAME=sandbox grain=all allows exec
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=all
e cfg.sandbox=true
!!echo hello
EOF
EXPECT=<<EOF
hello
EOF
RUN

NAME=sandbox grain order does not matter
FILE=-
CMDS=<<EOF
e cfg.sandbox=true
e cfg.sandbox.grain=exec
!!echo hello
EOF
EXPECT=<<EOF
hello
EOF
RUN

NAME=sandbox grain=none blocks oc
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=none
e cfg.sandbox=true
o~[4]
oc /bin/ls
EOF
EXPECT=<<EOF
malloc://512
EOF
RUN

NAME=sandbox grain=environ allows environ
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=environ
e cfg.sandbox=true
?e empty
%SHELL~?
?e empty
e cfg.sandbox.grain=none
%SHELL~?
?e empty
EOF
EXPECT=<<EOF
empty
1
empty
0
empty
EOF
RUN

NAME=sandbox grain=disk,exec combined
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=disk,exec
e cfg.sandbox=true
!!echo works
EOF
EXPECT=<<EOF
works
EOF
RUN

NAME=sandbox grain persist after enable
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=exec
e cfg.sandbox=true
e cfg.sandbox.grain
EOF
EXPECT=<<EOF
exec
EOF
RUN

NAME=sandbox grain=hidden option
FILE=-
CMDS=<<EOF
e cfg.sandbox.grain=hidden
e cfg.sandbox.grain
EOF
EXPECT=<<EOF
hidden
EOF
RUN
