From f0c465037808beda223d869e359656fb630b2f12 Mon Sep 17 00:00:00 2001
From: Anita Zhang
Date: Tue, 24 May 2022 10:51:27 -0700
Subject: [PATCH] test-seccomp: check for CAP_IPC_OWNER before calling shmat()
shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER, memory_deny_write_execute_shmat would fail. This fixes it.
(cherry picked from commit 7e46a5c093e9e0d2e1ec734058e0caf1725ff37e)
(cherry picked from commit d4ca019870e9c31026c75633be12b5893ffa4ecf)
(cherry picked from commit 9a50c7c1499cb84b068552c503b9139c9e3a2e17)
---
 src/test/test-seccomp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 7ccfeadbb8..45fe8f7c59 100644
--- src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) {
 log_notice("Seccomp not available, skipping %s", __func__);
 return;
 }
- if (!have_seccomp_privs()) {
+ if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) {
 log_notice("Not privileged, skipping %s", __func__);
 return;
 }
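Review bot: The skip message under the changed `if` still reads "Not privileged", although the condition now also fires when only CAP_IPC_OWNER is missing, and `<= 0` folds a negative return from have_effective_cap() (presumably an error) into the same path. This test exercises the seccomp filter's handling of shmat(), so a skip logged only as "Not privileged" hides the fact that CI environments with a reduced capability set no longer cover that control. Naming the reason keeps the lost coverage visible, e.g. `log_notice("Not privileged or CAP_IPC_OWNER missing, skipping %s", __func__);`. The body of the test continues outside the hunk, so how shmat() failures are handled further down cannot be judged from here.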