daandemeyer / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
Source Code
GIT

Blame SOURCES/0742-test-adapt-to-the-new-capsh-format.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c9-beta c9s-sig-hyperscale drop-selinux extras extras-boot-time network-extras reduce-diff-rawhide v252-4.597.7-c8s v252-4.598.7-c8s
  1.   da2bf9e4d033db98743f33c925f39a0686c6628a
  2.   SOURCES
  3.   0742-test-adapt-to-the-new-capsh-format.patch
Blob History Raw
da2bf9 
From 9070c6d48645b948d996f9c26bc590c07d46ca1f Mon Sep 17 00:00:00 2001
da2bf9 
From: Frantisek Sumsal <frantisek@sumsal.cz>
da2bf9 
Date: Tue, 4 Feb 2020 13:49:01 +0100
da2bf9 
Subject: [PATCH] test: adapt to the new capsh format
da2bf9
da2bf9 
Since libcap v2.29 the format of cap_to_text() has been changed which
da2bf9 
makes certain `test-execute` subtest fail. Let's remove the offending
da2bf9 
part of the output (dropped capabilities) to make it compatible with
da2bf9 
both the old and the new libcap.
da2bf9
da2bf9 
(cherry picked from commit 9569e385036c05c0bf9fbccdbf3d131161398e2e)
da2bf9
da2bf9 
Related: #2017033
da2bf9 
---
da2bf9 
 test/test-execute/exec-capabilityboundingset-invert.service    | 3 ++-
da2bf9 
 .../exec-privatedevices-no-capability-mknod.service            | 3 ++-
da2bf9 
 .../exec-privatedevices-no-capability-sys-rawio.service        | 3 ++-
da2bf9 
 .../exec-privatedevices-yes-capability-mknod.service           | 3 ++-
da2bf9 
 .../exec-privatedevices-yes-capability-sys-rawio.service       | 3 ++-
da2bf9 
 .../exec-protectkernelmodules-no-capabilities.service          | 3 ++-
da2bf9 
 .../exec-protectkernelmodules-yes-capabilities.service         | 3 ++-
da2bf9 
 7 files changed, 14 insertions(+), 7 deletions(-)
da2bf9
da2bf9 
diff --git a/test/test-execute/exec-capabilityboundingset-invert.service b/test/test-execute/exec-capabilityboundingset-invert.service
da2bf9 
index 1abe390601..5f37427603 100644
da2bf9 
--- a/test/test-execute/exec-capabilityboundingset-invert.service
da2bf9 
+++ b/test/test-execute/exec-capabilityboundingset-invert.service
da2bf9 
@@ -2,6 +2,7 @@
da2bf9 
 Description=Test for CapabilityBoundingSet
da2bf9
da2bf9 
 [Service]
da2bf9 
-ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep "^Bounding set .*cap_chown"'
da2bf9 
 Type=oneshot
da2bf9 
 CapabilityBoundingSet=~CAP_CHOWN
da2bf9 
diff --git a/test/test-execute/exec-privatedevices-no-capability-mknod.service b/test/test-execute/exec-privatedevices-no-capability-mknod.service
da2bf9 
index 6d39469da8..4d61d9ffaa 100644
da2bf9 
--- a/test/test-execute/exec-privatedevices-no-capability-mknod.service
da2bf9 
+++ b/test/test-execute/exec-privatedevices-no-capability-mknod.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no
da2bf9
da2bf9 
 [Service]
da2bf9 
 PrivateDevices=no
da2bf9 
-ExecStart=/bin/sh -x -c 'capsh --print | grep cap_mknod'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
da2bf9 
 Type=oneshot
da2bf9 
diff --git a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
da2bf9 
index e7f529c44c..f7f7a16736 100644
da2bf9 
--- a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
da2bf9 
+++ b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
da2bf9
da2bf9 
 [Service]
da2bf9 
 PrivateDevices=no
da2bf9 
-ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_rawio'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
da2bf9 
 Type=oneshot
da2bf9 
diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
da2bf9 
index fb1fc2875a..5bcace0845 100644
da2bf9 
--- a/test/test-execute/exec-privatedevices-yes-capability-mknod.service
da2bf9 
+++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes
da2bf9
da2bf9 
 [Service]
da2bf9 
 PrivateDevices=yes
da2bf9 
-ExecStart=/bin/sh -x -c '! capsh --print | grep cap_mknod'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
da2bf9 
 Type=oneshot
da2bf9 
diff --git a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
da2bf9 
index cebc493a7a..a246f950c1 100644
da2bf9 
--- a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
da2bf9 
+++ b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
da2bf9
da2bf9 
 [Service]
da2bf9 
 PrivateDevices=yes
da2bf9 
-ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_rawio'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
da2bf9 
 Type=oneshot
da2bf9 
diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
da2bf9 
index b2f2cd6b8a..8d7e2b52d4 100644
da2bf9 
--- a/test/test-execute/exec-protectkernelmodules-no-capabilities.service
da2bf9 
+++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no
da2bf9
da2bf9 
 [Service]
da2bf9 
 ProtectKernelModules=no
da2bf9 
-ExecStart=/bin/sh -x -c 'capsh --print | grep cap_sys_module'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
da2bf9 
 Type=oneshot
da2bf9 
diff --git a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
da2bf9 
index 84bf39be56..fe2ae208dd 100644
da2bf9 
--- a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
da2bf9 
+++ b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
da2bf9 
@@ -3,5 +3,6 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
da2bf9
da2bf9 
 [Service]
da2bf9 
 ProtectKernelModules=yes
da2bf9 
-ExecStart=/bin/sh -x -c '! capsh --print | grep cap_sys_module'
da2bf9 
+# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
da2bf9 
+ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
da2bf9 
 Type=oneshot

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation