diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2019-12-07 09:06:13 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2019-12-07 09:06:46 -0800 |
commit | c11d8215a3a0f395b2807dd76f88bc77e7594009 (patch) | |
tree | 584d1ee1de4e596427b11e32a3d7855cb587577a /progs | |
parent | e305dd20d7bca17ac84cb3c8c7869d3fbd181ecd (diff) | |
download | libcap2-c11d8215a3a0f395b2807dd76f88bc77e7594009.tar.gz |
Minor test enhancement related to ambient caps
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
-rw-r--r-- | progs/capsh.c | 1 | ||||
-rwxr-xr-x | progs/quicktest.sh | 3 |
2 files changed, 2 insertions, 2 deletions
diff --git a/progs/capsh.c b/progs/capsh.c index a04c413..d884995 100644 --- a/progs/capsh.c +++ b/progs/capsh.c @@ -705,6 +705,7 @@ int main(int argc, char *argv[], char *envp[]) " --decode=xxx decode a hex string to a list of caps\n" " --supports=xxx exit 1 if capability xxx unsupported\n" " --drop=xxx remove xxx,.. capabilities from bset\n" + " --has-ambient fail immediately unless ambient supported\n" " --addamb=xxx add xxx,... capabilities to ambient set\n" " --delamb=xxx remove xxx,... capabilities from ambient\n" " --noamb=xxx reset the ambient capabilities\n" diff --git a/progs/quicktest.sh b/progs/quicktest.sh index 33c46a8..fcba673 100755 --- a/progs/quicktest.sh +++ b/progs/quicktest.sh @@ -44,7 +44,6 @@ pass_capsh () { pass_capsh --print - # Make a local non-setuid-0 version of capsh and call it privileged cp ./capsh ./privileged && /bin/chmod -s ./privileged if [ $? -ne 0 ]; then @@ -209,7 +208,7 @@ if [ $? -eq 0 ]; then # lead to a privilege escalation outside of the namespace it # refers to. We suppress uid=0 privilege and confirm this # nsprivileged binary does not have the power to change uid. - fail_capsh --secbits=0x2f --print -- -c "./nsprivileged --uid=$nouid" + fail_capsh --secbits=$secbits --print -- -c "./nsprivileged --uid=$nouid" else echo "ns file caps not supported - skipping test" fi |