Skip to content

Commit 6d5ac2a

Browse files
lifubanglifubang
committed
add TestAmbientCapSet
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
1 parent 569e170 commit 6d5ac2a

1 file changed

Lines changed: 63 additions & 0 deletions

File tree

capability/capability_test.go

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,16 @@ const (
2121
maxLastCap = CAP_CHECKPOINT_RESTORE
2222
)
2323

24+
func requirePCapSet(t *testing.T) {
25+
pid, err := NewPid(0)
26+
if err != nil {
27+
t.Fatal(err)
28+
}
29+
if !pid.Get(EFFECTIVE, CAP_SETPCAP) {
30+
t.Skip("The test needs `CAP_SETPCAP`.")
31+
}
32+
}
33+
2434
func TestLastCap(t *testing.T) {
2535
last, err := LastCap()
2636
switch runtime.GOOS {
@@ -68,3 +78,56 @@ func TestListSupported(t *testing.T) {
6878
t.Fatalf("result is too short (got %d, want %d): +%v", len(list), minLen, list)
6979
}
7080
}
81+
82+
func TestAmbientCapSet(t *testing.T) {
83+
if runtime.GOOS != "linux" {
84+
return
85+
}
86+
requirePCapSet(t)
87+
88+
capBounding := []Cap{CAP_KILL, CAP_CHOWN, CAP_SYSLOG}
89+
capPermitted := []Cap{CAP_KILL, CAP_CHOWN}
90+
capEffective := []Cap{CAP_KILL}
91+
capInheritable := []Cap{CAP_KILL, CAP_CHOWN}
92+
capAmbient := []Cap{CAP_KILL, CAP_CHOWN}
93+
94+
pid, err := newPid(0)
95+
if err != nil {
96+
t.Fatal(err)
97+
}
98+
pid.Set(BOUNDING, capBounding...)
99+
pid.Set(PERMITTED, capPermitted...)
100+
pid.Set(EFFECTIVE, capEffective...)
101+
pid.Set(INHERITABLE, capInheritable...)
102+
pid.Set(AMBIENT, capAmbient...)
103+
if err = pid.Apply(CAPS | BOUNDING | AMBIENT); err != nil {
104+
t.Fatal(err)
105+
}
106+
107+
// Restore the cap set data from current process
108+
if err = pid.Load(); err != nil {
109+
t.Fatal(err)
110+
}
111+
for _, cap := range capAmbient {
112+
if !pid.Get(AMBIENT, cap) {
113+
t.Fatalf("Can't get ambient cap(%d) from current process.\n", cap)
114+
}
115+
}
116+
117+
// Remove a ambient cap, to check `PR_CAP_AMBIENT_CLEAR_ALL` work.
118+
pid.Clear(AMBIENT)
119+
pid.Set(AMBIENT, capAmbient[0])
120+
if err = pid.Apply(CAPS | BOUNDING | AMBIENT); err != nil {
121+
t.Fatal(err)
122+
}
123+
124+
if err = pid.Load(); err != nil {
125+
t.Fatal(err)
126+
}
127+
if !pid.Get(AMBIENT, capAmbient[0]) {
128+
t.Fatalf("Can't get ambient cap(%d) from current process.\n", capAmbient[0])
129+
}
130+
if pid.Get(AMBIENT, capAmbient[1]) {
131+
t.Fatalf("Should not have the ambient cap(%d) in current process.\n", capAmbient[1])
132+
}
133+
}

0 commit comments

Comments
 (0)