From: Anita Zhang <the.anitazha@gmail.com>
Date: Tue, 24 May 2022 17:51:27 +0000 (-0700)
Subject: test-seccomp: check for CAP_IPC_OWNER before calling shmat()
X-Git-Tag: v252-rc1~930
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e46a5c093e9e0d2e1ec734058e0caf1725ff37e;p=thirdparty%2Fsystemd.git

test-seccomp: check for CAP_IPC_OWNER before calling shmat()

shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp
in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER,
memory_deny_write_execute_shmat would fail. This fixes it.
---

diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 7ccfeadbb81..45fe8f7c599 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) {
                 log_notice("Seccomp not available, skipping %s", __func__);
                 return;
         }
-        if (!have_seccomp_privs()) {
+        if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) {
                 log_notice("Not privileged, skipping %s", __func__);
                 return;
         }