From: Yu Watanabe Date: Sun, 4 Mar 2018 15:02:22 +0000 (+0900) Subject: test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN X-Git-Tag: v238~2^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8341%2Fhead;p=thirdparty%2Fsystemd.git test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN CAP_NET_ADMIN is somtrimes dropped by container runtime. This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is less likely to be dropped.
---
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 788249e885d..645e0b3d47d 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -559,7 +559,7 @@ static void test_exec_ambientcapabilities(Manager *m) {
 return;
 }
 
- if (have_effective_cap(CAP_NET_ADMIN) <= 0 ||
+ if (have_effective_cap(CAP_CHOWN) <= 0 ||
 have_effective_cap(CAP_NET_RAW) <= 0) {
 log_notice("Skipping %s, this process does not have enough capabilities", __func__);
 return;
diff --git a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
index 00bec581b5f..d2cadebde45 100644
--- a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-merge-nobody.service b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
index 64964380e27..545081d6292 100644
--- a/test/test-execute/exec-ambientcapabilities-merge-nobody.service
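Review bot: The skip branch in test_exec_ambientcapabilities (src/test/test-execute.c, under the `have_effective_cap(CAP_CHOWN) <= 0 || have_effective_cap(CAP_NET_RAW) <= 0` check) still logs only "does not have enough capabilities". A run inside a restricted container therefore gives no hint which capability was missing, and the ambient-capability tests drop out of coverage quietly. Naming the pair in the message would help: `log_notice("Skipping %s, CAP_CHOWN and CAP_NET_RAW are both required in the effective set", __func__);`. The `<= 0` comparison also appears to fold an error return from have_effective_cap() into "capability absent"; if the helper can return a negative errno, logging that case separately would keep a real failure from looking like a skip. The function body starts and ends outside this hunk.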
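Review bot: The expected value `CapAmb: 0000000000002001` in exec-ambientcapabilities-merge-nfsnobody.service is an unexplained hex literal, and the same literal is repeated in the five other exec-ambientcapabilities*.service files this commit touches. It is the ambient set CAP_CHOWN (bit 0) | CAP_NET_RAW (bit 13), and it has to change in lockstep with the AmbientCapabilities= lines and with the capability check in src/test/test-execute.c. A comment above ExecStart= would make that visible: `# 0x2001 = CAP_CHOWN (bit 0) | CAP_NET_RAW (bit 13); exact match, so any extra ambient capability fails the test`. The strict equality is worth keeping, since it is what catches an unprivileged User= receiving more ambient capabilities than the unit asked for.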
+++ b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-merge.service b/test/test-execute/exec-ambientcapabilities-merge.service
index 22b4c6d49e6..2e3fe59124f 100644
--- a/test/test-execute/exec-ambientcapabilities-merge.service
+++ b/test/test-execute/exec-ambientcapabilities-merge.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
index 614cfdd5849..9377ee16b2d 100644
--- a/test/test-execute/exec-ambientcapabilities-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-nobody.service b/test/test-execute/exec-ambientcapabilities-nobody.service
index d63f884ef83..07a6c7511db 100644
--- a/test/test-execute/exec-ambientcapabilities-nobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities.service b/test/test-execute/exec-ambientcapabilities.service
index 0a3cfa4bf6d..d91cc09a485 100644
--- a/test/test-execute/exec-ambientcapabilities.service
+++ b/test/test-execute/exec-ambientcapabilities.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW