mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
e720cebf7c
When starting a service with a non-root user and a SystemCallFilter and other settings (like ProtectClock), the no_new_privs flag should not be set. Also, test that CapabilityBoundingSet behaves correctly, since we need to preserve some capabilities to do the seccomp filter and restore the ones set by the service before executing.
10 lines
280 B
Desktop File
10 lines
280 B
Desktop File
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
[Unit]
|
|
Description=Test no_new_privs is unset for ProtectClock and non-root user
|
|
|
|
[Service]
|
|
ExecStart=/bin/sh -x -c 'c=$$(cat /proc/self/status | grep "NoNewPrivs: "); test "$$c" = "NoNewPrivs: 0"'
|
|
Type=oneshot
|
|
User=1
|
|
ProtectClock=yes
|