mirror of
https://github.com/systemd/systemd.git
synced 2024-11-05 06:52:22 +03:00
e9cdcbed77
libcap v2.33 introduces a new capability set called IAB[0] which is shown in the output of `capsh --print` and interferes with the test checks. Let's drop the IAB set from the output, for now, to mitigate this. This could be (and probably should be) replaced in the future by the newly introduced testing options[1][2] in libcap v2.32, namely: --has-p=xxx --has-i=xxx --has-a=xxx but this needs to wait until the respective libcap version gets a wider adoption. Until then, let's stick with the relatively ugly sed. Fixes: #15046 [0] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=943b011b5e53624eb9cab4e96c1985326e077cdd [1] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=588d0439cb6495b03f0ab9f213f0b6b339e7d4b7 [2] https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=e7709bbc1c4712f2ddfc6e6f42892928a8a03782
9 lines
300 B
Desktop File
9 lines
300 B
Desktop File
[Unit]
|
|
Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
|
|
|
|
[Service]
|
|
ProtectKernelModules=yes
|
|
# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
|
|
ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module'
|
|
Type=oneshot
|