test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN

CAP_NET_ADMIN is somtrimes dropped by container runtime.
This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is
less likely to be dropped.

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 788249e885d36f78633afac6293fd90d75a81c5f..645e0b3d47d658e18d5af02b81aee8bf78283115 100644 (file)
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -559,7 +559,7 @@ static void test_exec_ambientcapabilities(Manager *m) {
                 return;
         }
 
-        if (have_effective_cap(CAP_NET_ADMIN) <= 0 ||
+        if (have_effective_cap(CAP_CHOWN) <= 0 ||
             have_effective_cap(CAP_NET_RAW) <= 0) {
                 log_notice("Skipping %s, this process does not have enough capabilities", __func__);
                 return;

diff --git a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
index 00bec581b5f505ef8187fbf3a69c7bd204063a7c..d2cadebde452e4d82fd4707032b3cfa113189df9 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW

diff --git a/test/test-execute/exec-ambientcapabilities-merge-nobody.service b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
index 64964380e27ab704548516cf25976e8096a76471..545081d62923ac98a834f7691038ccfdd8339b8b 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities-merge-nobody.service
+++ b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW

diff --git a/test/test-execute/exec-ambientcapabilities-merge.service b/test/test-execute/exec-ambientcapabilities-merge.service
index 22b4c6d49e691fa758668d21acb5232f75f90063..2e3fe59124fabb6f7c8618b36845289daafad320 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities-merge.service
+++ b/test/test-execute/exec-ambientcapabilities-merge.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW

diff --git a/test/test-execute/exec-ambientcapabilities-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
index 614cfdd5849cc27822d521041b3eaf1353539b3b..9377ee16b2db22d1140f0bff0240cb39bcac470e 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW

diff --git a/test/test-execute/exec-ambientcapabilities-nobody.service b/test/test-execute/exec-ambientcapabilities-nobody.service
index d63f884ef83615757f32db5600c1d6cec9143573..07a6c7511db3c05cf32dd9a0089a300b080cb22b 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities-nobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW

diff --git a/test/test-execute/exec-ambientcapabilities.service b/test/test-execute/exec-ambientcapabilities.service
index 0a3cfa4bf6d071c877426e2c0d8fdf1f23db3721..d91cc09a48532bf5fbc60ff95c94fb0136ecd03e 100644 (file)
--- a/test/test-execute/exec-ambientcapabilities.service
+++ b/test/test-execute/exec-ambientcapabilities.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW