shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-10-26 08:55:18 +03:00
Code

test: adapt to the new capsh format

Browse Source 
Since libcap v2.29 the format of cap_to_text() has been changed which
makes certain `test-execute` subtest fail. Let's remove the offending
part of the output (dropped capabilities) to make it compatible with
both the old and the new libcap.

(cherry picked from commit 9569e38503)
(cherry picked from commit 1325dfb577)
(cherry picked from commit 560eb5babf)
This commit is contained in:
Frantisek Sumsal 2020-02-04 13:49:01 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 26712b5cb1
commit 6126ba984b
7 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
test/test-execute/exec-capabilityboundingset-invert.service
View File

@ -2,6 +2,7 @@
Description=Test for CapabilityBoundingSet
[Service]
ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep "^Bounding set .*cap_chown"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN

3
test/test-execute/exec-privatedevices-no-capability-mknod.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no
[Service]
PrivateDevices=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_mknod'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
Type=oneshot

3
test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
[Service]
PrivateDevices=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_rawio'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
Type=oneshot

3
test/test-execute/exec-privatedevices-yes-capability-mknod.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_mknod'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
Type=oneshot

3
test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_rawio'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
Type=oneshot

3
test/test-execute/exec-protectkernelmodules-no-capabilities.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no
[Service]
ProtectKernelModules=no
ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_module'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
Type=oneshot

3
test/test-execute/exec-protectkernelmodules-yes-capabilities.service
View File

@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
[Service]
ProtectKernelModules=yes
ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_module'
# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
Type=oneshot