shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Code

test-execute: check capabilities before running tests

Browse Source 
Fixes #8193.
This commit is contained in:
Yu Watanabe 2018-03-05 00:00:35 +09:00
parent 5cd33ccc2c
commit b7856f9218
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/test/test-execute.c
View File

@ -24,6 +24,7 @@
#include <sys/prctl.h>
#include <sys/types.h>
#include "capability-util.h"
#include "cpu-set-util.h"
#include "errno-list.h"
#include "fileio.h"
@ -532,6 +533,13 @@ static void test_exec_capabilityboundingset(Manager *m) {
return;
}
if (have_effective_cap(CAP_CHOWN) <= 0 ||
have_effective_cap(CAP_FOWNER) <= 0 ||
have_effective_cap(CAP_KILL) <= 0) {
log_notice("Skipping %s, this process does not have enough capabilities", __func__);
return;
}
test(m, "exec-capabilityboundingset-simple.service", 0, CLD_EXITED);
test(m, "exec-capabilityboundingset-reset.service", 0, CLD_EXITED);
test(m, "exec-capabilityboundingset-merge.service", 0, CLD_EXITED);
@ -551,6 +559,12 @@ static void test_exec_ambientcapabilities(Manager *m) {
return;
}
if (have_effective_cap(CAP_NET_ADMIN) <= 0 ||
have_effective_cap(CAP_NET_RAW) <= 0) {
log_notice("Skipping %s, this process does not have enough capabilities", __func__);
return;
}
test(m, "exec-ambientcapabilities.service", 0, CLD_EXITED);
test(m, "exec-ambientcapabilities-merge.service", 0, CLD_EXITED);