bubblewrap/debian/patches/update-output-patterns-libc...

37 lines
1.8 KiB
Diff
Raw Normal View History

From 8b170a9a91ffaa0611f68b1fef64f881f2dadf8d Mon Sep 17 00:00:00 2001
From: Christian Kastner <ckk@kvr.at>
Date: Wed, 19 Feb 2020 10:03:05 +0100
Subject: [PATCH] tests: Update output patterns for libcap >= 2.29
---
tests/test-run.sh | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tests/test-run.sh b/tests/test-run.sh
index a01f41c..702c480 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -215,11 +215,18 @@ else
$RUN $OPT --cap-drop ALL --unshare-pid capsh --print >caps.test
assert_file_has_content caps.test 'Current: =$'
# Check for dropping kill/fowner (we assume all uid 0 callers have this)
- $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
- assert_not_file_has_content caps.test '^Current: =.*cap_kill'
- assert_not_file_has_content caps.test '^Current: =.*cap_fowner'
# But we should still have net_bind_service for example
- assert_file_has_content caps.test '^Current: =.*cap_net_bind_service'
+ $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
+ # capsh's output format changed from v2.29 -> drops are now indicated with -eip
+ if grep 'Current: =.*+eip$' caps.test; then
+ assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$'
+ assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$'
+ assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$'
+ else
+ assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$'
+ assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$'
+ assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$'
+ fi
echo "ok - we have the expected caps as uid 0"
fi