diff --git a/test/configuration.nix b/test/configuration.nix
index fa1ecca..93f1b39 100644
--- a/test/configuration.nix
+++ b/test/configuration.nix
@@ -5,7 +5,38 @@
 ...
 }:
 let
- testCases = import ./sandbox/case pkgs config.environment.fortify.package.version;
+ testProgram =
+ let
+ inherit (pkgs)
+ buildGoModule
+ pkg-config
+ util-linux
+ ;
+ in
+ buildGoModule rec {
+ pname = "check-sandbox";
+ inherit (config.environment.fortify.package) version;
+
+ src = builtins.path {
+ name = "${pname}-src";
+ path = lib.cleanSource ./.;
+ filter = path: type: (type == "directory" && lib.hasSuffix "sandbox" path) || (type == "regular" && lib.hasSuffix ".go" path);
+ };
+ vendorHash = null;
+
+ buildInputs = [ util-linux ];
+ nativeBuildInputs = [ pkg-config ];
+
+ preBuild = ''
+ go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
+ '';
+
+ postInstall = ''
+ mv $out/bin/test $out/bin/fortify-test
+ '';
+ };
+
+ testCases = import ./sandbox/case lib testProgram;
 in
 {
 users.users = {
@@ -42,7 +73,7 @@ in
 mako
 # For checking seccomp outcome:
- testCases._testProgram
+ testProgram
 ];
 variables = {
diff --git a/test/sandbox/case/main.go b/test/main.go
similarity index 100%
rename from test/sandbox/case/main.go
rename to test/main.go
diff --git a/test/sandbox/case/default.nix b/test/sandbox/case/default.nix
index 01395ff..0377246 100644
--- a/test/sandbox/case/default.nix
+++ b/test/sandbox/case/default.nix
@@ -1,14 +1,5 @@
-pkgs: version:
+lib: testProgram:
 let
- inherit (pkgs)
- lib
- writeText
- buildGoModule
- pkg-config
- util-linux
- foot
- ;
-
 fs = mode: dir: data: {
 mode = lib.fromHexString mode;
 inherit
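Review bot: The `filter` given to `builtins.path` in the new `testProgram` derivation matches on string suffixes of the full path, so any directory whose name merely ends in `sandbox` is admitted, while directories below it (such as `case`) are excluded together with their contents. If that is the intent, a comment above `src` saying which sources the test binary is built from would help, and comparing the base name is tighter: `(type == "directory" && baseNameOf path == "sandbox") || (type == "regular" && lib.hasSuffix ".go" path)`. The carried-over `go mod init ... >& /dev/null` in `preBuild` discards both output streams, so a failing init aborts the build without leaving a diagnostic in the log; redirecting only stdout (`> /dev/null`) would keep the error visible. Passing `lib.cleanSource ./.` as `path` presumably coerces the cleaned source to a store path before the filter runs, which is worth confirming since it would copy the directory twice.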
@@ -32,26 +23,6 @@ let
 ;
 };
- checkSandbox = buildGoModule {
- pname = "check-sandbox";
- inherit version;
-
- src = ../../.;
- vendorHash = null;
-
- buildInputs = [ util-linux ];
- nativeBuildInputs = [ pkg-config ];
-
- preBuild = ''
- go mod init git.gensokyo.uk/security/fortify/test >& /dev/null
- cp ${./main.go} main.go
- '';
-
- postInstall = ''
- mv $out/bin/test $out/bin/fortify-test
- '';
- };
-
 callTestCase =
 path:
 let
@@ -67,12 +38,12 @@ let
 name = "check-sandbox-${tc.name}";
 verbose = true;
 inherit (tc) tty mapRealUid;
- share = foot;
+ share = testProgram;
 packages = [ ];
- path = "${checkSandbox}/bin/fortify-test";
+ path = "${testProgram}/bin/fortify-test";
 args = [
 "test"
- (toString (writeText "fortify-${tc.name}-want.json" (builtins.toJSON tc.want)))
+ (toString (builtins.toFile "fortify-${tc.name}-want.json" (builtins.toJSON tc.want)))
 ];
 };
 in
@@ -80,6 +51,4 @@ in
 preset = callTestCase ./preset.nix;
 tty = callTestCase ./tty.nix;
 mapuid = callTestCase ./mapuid.nix;
-
- _testProgram = checkSandbox;
 }
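Review bot: `builtins.toFile` in the `args` list of the `-67,12` hunk writes the want-file during evaluation and rejects content that refers to derivation outputs, unlike the `writeText` it replaces, so a later test case whose `want` interpolates a package path would fail at evaluation time. A short comment next to the call, for example `# tc.want must not reference derivation outputs (builtins.toFile)`, would record that constraint. The surrounding `toString` is now redundant, because `builtins.toFile` already returns the store path as a string: `(builtins.toFile "fortify-${tc.name}-want.json" (builtins.toJSON tc.want))`. `share = testProgram` replaces `foot` without explanation; presumably it selects what is exposed inside the sandbox under test, and a comment stating why the test program itself is shared would help a reader of the sandbox expectations. `callTestCase` begins above this hunk, so the rest of the attribute set is not visible here.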