test-seccomp: check for CAP_IPC_OWNER before calling shmat()

shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp
in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER,
memory_deny_write_execute_shmat would fail. This fixes it.

diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 7ccfeadbb814ada7da68f8f801d3243eb1ef72d9..45fe8f7c59999986a4fb480eadcb36687363a895 100644 (file)
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) {
                 log_notice("Seccomp not available, skipping %s", __func__);
                 return;
         }
-        if (!have_seccomp_privs()) {
+        if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) {
                 log_notice("Not privileged, skipping %s", __func__);
                 return;
         }