mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
63403f07b0
We want to retain *some* of the full paths in order to test more code paths. But the default should be to use the command name only. This makes the tests less visually cluttered.
11 lines
405 B
Desktop File
11 lines
405 B
Desktop File
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
[Unit]
|
|
Description=Test bounding set is right with SystemCallFilter and non-root user
|
|
|
|
[Service]
|
|
ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_setpcap,cap_net_bind_service,cap_sys_admin"'
|
|
Type=oneshot
|
|
User=1
|
|
SystemCallFilter=@system-service
|
|
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETPCAP CAP_NET_BIND_SERVICE
|