shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-09 01:18:19 +03:00
Code

test-seccomp: check for CAP_IPC_OWNER before calling shmat()

Browse Source 
shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp
in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER,
memory_deny_write_execute_shmat would fail. This fixes it.
This commit is contained in:
Anita Zhang 2022-05-24 10:51:27 -07:00 committed by Yu Watanabe
parent 620ecc9c4b
commit 7e46a5c093
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/test/test-seccomp.c
View File

@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
}
if (!have_seccomp_privs()) {
if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) {
log_notice("Not privileged, skipping %s", __func__);
return;
}