client/site_tests/security_Minijail0/src/test-caps - mirrors/cros/chromiumos/third_party/autotest - Git at Google

 #!/bin/sh
 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 # args: -u 1000 -g 1000 -c 2 --ambient
 # note that 2 = CAP_DAC_OVERRIDE

 . "$(dirname "$0")"/common.sh

 needreuid 1000
 needregid 1000

 # Test we've kept CAP_DAC_OVERRIDE.
 [ ! -w "$0" ] && die "Can't write to '$0'"

 # Test we've lost everything else.
 mismatch=""
 matched=0
 while read line; do
     if echo "$line" | grep -q '^CapEff:'; then
         caps=$(echo "$line" | awk '{print $NF}')
         if echo "$caps" | grep -q '^0000000000000002$'; then
             matched=1
         else
             mismatch="$caps"
         fi
     fi
 done </proc/self/status
 [ $matched -eq 1 ] || die "Did not drop non-CAP_DAC_OVERRIDE caps: $mismatch"

 exit 0
	#!/bin/sh
	# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.
	# args: -u 1000 -g 1000 -c 2 --ambient
	# note that 2 = CAP_DAC_OVERRIDE

	. "$(dirname "$0")"/common.sh

	needreuid 1000
	needregid 1000

	# Test we've kept CAP_DAC_OVERRIDE.
	[ ! -w "$0" ] && die "Can't write to '$0'"

	# Test we've lost everything else.
	mismatch=""
	matched=0
	while read line; do
	if echo "$line" \| grep -q '^CapEff:'; then
	caps=$(echo "$line" \| awk '{print $NF}')
	if echo "$caps" \| grep -q '^0000000000000002$'; then
	matched=1
	else
	mismatch="$caps"
	fi
	fi
	done </proc/self/status
	[ $matched -eq 1 ] \|\| die "Did not drop non-CAP_DAC_OVERRIDE caps: $mismatch"

	exit 0