test-seccomp: check for CAP_IPC_OWNER before calling shmat()

shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER, memory_deny_write_execute_shmat would fail. This fixes it.
author: Anita Zhang <the.anitazha@gmail.com> 2022-05-24 10:51:27 -0700
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2022-05-25 08:03:23 +0900
commit: 7e46a5c093e9e0d2e1ec734058e0caf1725ff37e (patch)
tree: 176000c4763b04c1b3b6b43633288a930ccb29bb /src/test/test-seccomp.c
parent: 620ecc9c4bb8769b2acb6c1b9b64b330d0f76fc1 (diff)
download: systemd-7e46a5c093e9e0d2e1ec734058e0caf1725ff37e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 7ccfeadbb8..45fe8f7c59 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -655,7 +655,7 @@ TEST(memory_deny_write_execute_shmat) {
                 log_notice("Seccomp not available, skipping %s", __func__);
                 return;
         }
-        if (!have_seccomp_privs()) {
+        if (!have_seccomp_privs() || have_effective_cap(CAP_IPC_OWNER) <= 0) {
                 log_notice("Not privileged, skipping %s", __func__);
                 return;
         }
author	Anita Zhang <the.anitazha@gmail.com>	2022-05-24 10:51:27 -0700
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2022-05-25 08:03:23 +0900
commit	7e46a5c093e9e0d2e1ec734058e0caf1725ff37e (patch)
tree	176000c4763b04c1b3b6b43633288a930ccb29bb /src/test/test-seccomp.c
parent	620ecc9c4bb8769b2acb6c1b9b64b330d0f76fc1 (diff)
download	systemd-7e46a5c093e9e0d2e1ec734058e0caf1725ff37e.tar.gz