summaryrefslogtreecommitdiff
path: root/test/test-execute
diff options
context:
space:
mode:
Diffstat (limited to 'test/test-execute')
-rw-r--r--test/test-execute/exec-capabilityboundingset-invert.service4
-rw-r--r--test/test-execute/exec-privatedevices-no-capability-mknod.service4
-rw-r--r--test/test-execute/exec-privatedevices-no-capability-sys-rawio.service4
-rw-r--r--test/test-execute/exec-privatedevices-yes-capability-mknod.service4
-rw-r--r--test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service4
-rw-r--r--test/test-execute/exec-protectkernellogs-no-capabilities.service4
-rw-r--r--test/test-execute/exec-protectkernellogs-yes-capabilities.service4
-rw-r--r--test/test-execute/exec-protectkernelmodules-no-capabilities.service4
-rw-r--r--test/test-execute/exec-protectkernelmodules-yes-capabilities.service4
9 files changed, 18 insertions, 18 deletions
diff --git a/test/test-execute/exec-capabilityboundingset-invert.service b/test/test-execute/exec-capabilityboundingset-invert.service
index 5f37427603..4486f6c25d 100644
--- a/test/test-execute/exec-capabilityboundingset-invert.service
+++ b/test/test-execute/exec-capabilityboundingset-invert.service
@@ -2,7 +2,7 @@
Description=Test for CapabilityBoundingSet
[Service]
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep "^Bounding set .*cap_chown"'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep "^Bounding set .*cap_chown"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN
diff --git a/test/test-execute/exec-privatedevices-no-capability-mknod.service b/test/test-execute/exec-privatedevices-no-capability-mknod.service
index 4d61d9ffaa..8f135be0b5 100644
--- a/test/test-execute/exec-privatedevices-no-capability-mknod.service
+++ b/test/test-execute/exec-privatedevices-no-capability-mknod.service
@@ -3,6 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=no
[Service]
PrivateDevices=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod'
Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
index f7f7a16736..30ce549254 100644
--- a/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
+++ b/test/test-execute/exec-privatedevices-no-capability-sys-rawio.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=no
[Service]
PrivateDevices=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio'
Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
index 5bcace0845..b98cfb5c7e 100644
--- a/test/test-execute/exec-privatedevices-yes-capability-mknod.service
+++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
@@ -3,6 +3,6 @@ Description=Test CAP_MKNOD capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_mknod'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_mknod'
Type=oneshot
diff --git a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
index a246f950c1..5b0c0700f2 100644
--- a/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
+++ b/test/test-execute/exec-privatedevices-yes-capability-sys-rawio.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_RAWIO capability for PrivateDevices=yes
[Service]
PrivateDevices=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_rawio'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_rawio'
Type=oneshot
diff --git a/test/test-execute/exec-protectkernellogs-no-capabilities.service b/test/test-execute/exec-protectkernellogs-no-capabilities.service
index 47d88534a9..36aae7caf1 100644
--- a/test/test-execute/exec-protectkernellogs-no-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-no-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=no
[Service]
ProtectKernelLogs=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_syslog'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog'
Type=oneshot
diff --git a/test/test-execute/exec-protectkernellogs-yes-capabilities.service b/test/test-execute/exec-protectkernellogs-yes-capabilities.service
index 11350f288a..4a5f1a08e9 100644
--- a/test/test-execute/exec-protectkernellogs-yes-capabilities.service
+++ b/test/test-execute/exec-protectkernellogs-yes-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYSLOG for ProtectKernelLogs=yes
[Service]
ProtectKernelLogs=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_syslog'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_syslog'
Type=oneshot
diff --git a/test/test-execute/exec-protectkernelmodules-no-capabilities.service b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
index 8d7e2b52d4..1b73656305 100644
--- a/test/test-execute/exec-protectkernelmodules-no-capabilities.service
+++ b/test/test-execute/exec-protectkernelmodules-no-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_MODULE ProtectKernelModules=no
[Service]
ProtectKernelModules=no
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c 'capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c 'capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module'
Type=oneshot
diff --git a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
index fe2ae208dd..e43e72733c 100644
--- a/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
+++ b/test/test-execute/exec-protectkernelmodules-yes-capabilities.service
@@ -3,6 +3,6 @@ Description=Test CAP_SYS_MODULE for ProtectKernelModules=yes
[Service]
ProtectKernelModules=yes
-# sed: remove dropped capabilities (cap_xxx-[epi]) from the output
-ExecStart=/bin/sh -x -c '! capsh --print | sed -r "s/[^ ]+?\-[epi]+//g" | grep cap_sys_module'
+# sed: remove dropped (cap_xxx-[epi]) and IAB capabilities from the output
+ExecStart=/bin/sh -x -c '! capsh --print | sed -re "s/[^ ]+?\-[epi]+//g" -e '/IAB/d' | grep cap_sys_module'
Type=oneshot
View Lorry Controller Status