diff options
author | Anita Zhang <the.anitazha@gmail.com> | 2022-05-24 10:51:27 -0700 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-05-25 08:03:23 +0900 |
commit | 7e46a5c093e9e0d2e1ec734058e0caf1725ff37e (patch) | |
tree | 176000c4763b04c1b3b6b43633288a930ccb29bb /src/test/test-seccomp.c | |
parent | 620ecc9c4bb8769b2acb6c1b9b64b330d0f76fc1 (diff) | |
download | systemd-7e46a5c093e9e0d2e1ec734058e0caf1725ff37e.tar.gz |
test-seccomp: check for CAP_IPC_OWNER before calling shmat()
shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp
in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER,
memory_deny_write_execute_shmat would fail. This fixes it.
Diffstat (limited to 'src/test/test-seccomp.c')
-rw-r--r-- | src/test/test-seccomp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 7ccfeadbb8..45fe8f7c59 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c @@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) { log_notice("Seccomp not available, skipping %s", __func__); return; } - if (!have_seccomp_privs()) { + if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) { log_notice("Not privileged, skipping %s", __func__); return; } |