shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-06 12:58:22 +03:00
Code

test: adapt to the new capsh format

Browse Source 
Since libcap v2.29 the format of cap_to_text() has been changed which
makes certain `test-execute` subtest fail. Let's remove the offending
part of the output (dropped capabilities) to make it compatible with
both the old and the new libcap.

(cherry picked from commit 9569e385036c05c0bf9fbccdbf3d131161398e2e)
(cherry picked from commit 1325dfb5778dedd3ca5274d3383e7c27121fa60a)
This commit is contained in:
Frantisek Sumsal 2020-02-04 13:49:01 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 275b266bde
commit 560eb5babf
7 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/test-execute/exec-capabilityboundingset-invert.service
View File

@ -2,6 +2,7 @@
Description=Test for CapabilityBoundingSet
[Service]
ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep "^Bounding set .*cap_chown"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN

3
test/test-execute/exec-privatedevices-no-capability-mknod.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no
[Service]
PrivateDevices=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_mknod'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
Type=oneshot

3
test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
[Service]
PrivateDevices=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_rawio'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
Type=oneshot

3
test/test-execute/exec-privatedevices-yes-capability-mknod.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_mknod'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
Type=oneshot

3
test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_rawio'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
Type=oneshot

3
test/test-execute/exec-protectkernelmodules-no-capabilities.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no
[Service]
ProtectKernelModules=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_module'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
Type=oneshot

3
test/test-execute/exec-protectkernelmodules-yes-capabilities.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
[Service]
ProtectKernelModules=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_module'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
Type=oneshot