authorSimon McVittie <smcv@collabora.com>2022-12-12 19:47:15 +0000
committerAlexander Larsson <alexander.larsson@gmail.com>2023-01-04 09:47:04 +0100
commit41fd02ad147907cedf88a7f7488ac18667adc919 (patch)
treebf81542b8ea0aac5e46c8eb79adf2b614f552a21
parentb5f672355b916e6e59dad5ec9ca55aa90afe8a90 (diff)
test-run: Filter out no-new-privs in capsh output
Older versions of capsh would only show the capabilities, which we expect not to change when we don't drop capabilities; but newer versions also display whether the NO_NEW_PRIVS bit is set, and we *do* expect to change that. Resolves: https://github.com/containers/bubblewrap/issues/544 Signed-off-by: Simon McVittie <smcv@collabora.com>
-rwxr-xr-xtests/test-run.sh5
1 files changed, 3 insertions, 2 deletions
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 585fbf4..979480e 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -153,10 +153,11 @@ if ! ${is_uidzero}; then
done
echo "ok - we have no caps as uid != 0"
else
- capsh --print > caps.orig
+ capsh --print | sed -e 's/no-new-privs=0/no-new-privs=1/' > caps.expected
+
for OPT in "" "--as-pid-1"; do
$RUN $OPT --unshare-pid capsh --print >caps.test
- diff -u caps.orig caps.test
+ diff -u caps.expected caps.test
done
# And test that we can drop all, as well as specific caps
$RUN $OPT --cap-drop ALL --unshare-pid capsh --print >caps.test
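Review bot: The `sed` substitution on the new `caps.expected` line carries no comment, so a reader of the test cannot tell that it deliberately rewrites the host's `no-new-privs=0` to the value expected inside the sandbox rather than dropping the field from the comparison. I would add above it something like `# bwrap is expected to set NO_NEW_PRIVS; newer capsh prints it, so adjust the host output to match`. Because the expected file now comes from a pipeline, a failing `capsh` is caught only if the script runs with `pipefail`, which is not visible in this hunk. With an older capsh that prints no such field the substitution is a no-op, so on those systems the test does not check the bit at all. The enclosing `if`/`else` starts and ends outside the hunk.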