37 lines
1.8 KiB
Diff
37 lines
1.8 KiB
Diff
From 8b170a9a91ffaa0611f68b1fef64f881f2dadf8d Mon Sep 17 00:00:00 2001
|
|
From: Christian Kastner <ckk@kvr.at>
|
|
Date: Wed, 19 Feb 2020 10:03:05 +0100
|
|
Subject: [PATCH] tests: Update output patterns for libcap >= 2.29
|
|
|
|
---
|
|
tests/test-run.sh | 15 +++++++++++----
|
|
1 file changed, 11 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/tests/test-run.sh b/tests/test-run.sh
|
|
index a01f41c..702c480 100755
|
|
--- a/tests/test-run.sh
|
|
+++ b/tests/test-run.sh
|
|
@@ -215,11 +215,18 @@ else
|
|
$RUN $OPT --cap-drop ALL --unshare-pid capsh --print >caps.test
|
|
assert_file_has_content caps.test 'Current: =$'
|
|
# Check for dropping kill/fowner (we assume all uid 0 callers have this)
|
|
- $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
|
|
- assert_not_file_has_content caps.test '^Current: =.*cap_kill'
|
|
- assert_not_file_has_content caps.test '^Current: =.*cap_fowner'
|
|
# But we should still have net_bind_service for example
|
|
- assert_file_has_content caps.test '^Current: =.*cap_net_bind_service'
|
|
+ $RUN $OPT --cap-drop CAP_KILL --cap-drop CAP_FOWNER --unshare-pid capsh --print >caps.test
|
|
+ # capsh's output format changed from v2.29 -> drops are now indicated with -eip
|
|
+ if grep 'Current: =.*+eip$' caps.test; then
|
|
+ assert_not_file_has_content caps.test '^Current: =.*cap_kill.*+eip$'
|
|
+ assert_not_file_has_content caps.test '^Current: =.*cap_fowner.*+eip$'
|
|
+ assert_file_has_content caps.test '^Current: =.*cap_net_bind_service.*+eip$'
|
|
+ else
|
|
+ assert_file_has_content caps.test '^Current: =eip.*cap_kill.*-eip$'
|
|
+ assert_file_has_content caps.test '^Current: =eip.*cap_fowner.*-eip$'
|
|
+ assert_not_file_has_content caps.test '^Current: =.*cap_net_bind_service.*-eip$'
|
|
+ fi
|
|
echo "ok - we have the expected caps as uid 0"
|
|
fi
|
|
|