From 74b6ce90a0f2c2c0f824fc7e89f5433758d44914 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 21 Mar 2019 12:38:18 +0100
Subject: [PATCH] capability: add a test that fails if we ever enter > 64bit
 capability territory

---
 src/test/test-capability.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/test/test-capability.c b/src/test/test-capability.c
index 325d7c8cc2f..6b2de66bb7f 100644
--- a/src/test/test-capability.c
+++ b/src/test/test-capability.c
@@ -215,11 +215,32 @@ static void test_set_ambient_caps(void) {
         assert_se(prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) == 1);
 }
 
+static void test_ensure_cap_64bit(void) {
+        _cleanup_free_ char *content = NULL;
+        unsigned long p = 0;
+        int r;
+
+        r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content);
+        if (r == -ENOENT) /* kernel pre 3.2 */
+                return;
+        assert_se(r >= 0);
+
+        assert_se(safe_atolu(content, &p) >= 0);
+
+        /* If caps don't fit into 64bit anymore, we have a problem, fail the test. */
+        assert_se(p <= 63);
+
+        /* Also check for the header definition */
+        assert_se(CAP_LAST_CAP <= 63);
+}
+
 int main(int argc, char *argv[]) {
         bool run_ambient;
 
         test_setup_logging(LOG_INFO);
 
+        test_ensure_cap_64bit();
+
         test_last_cap_file();
         test_last_cap_probe();
 
-- 
2.39.2