authorDaniel Mack <github@zonque.org>2016-03-21 12:57:43 +0100
committerDaniel Mack <github@zonque.org>2016-03-21 12:57:43 +0100
commit68de79d6a42ac6da4268ac48b699a6cd553afc14 (patch)
treed0e94499e8fb96fcd72adbafc90f8a2c668142bd /test/test-execute/exec-capabilityambientset-nfsnobody.service
parent19180aadb562d43811b1c4f961f0e0b778c132ce (diff)
parent50f130c286c4a4cb87a94a0fc419a4462a98a7a1 (diff)
Merge pull request #2760 from ronnychevalier/rc/core_no_new_privileges_seccompv3
core: set NoNewPrivileges for seccomp if we don't have CAP_SYS_ADMIN
Diffstat (limited to 'test/test-execute/exec-capabilityambientset-nfsnobody.service')
-rw-r--r--test/test-execute/exec-capabilityambientset-nfsnobody.service8
1 files changed, 8 insertions, 0 deletions
diff --git a/test/test-execute/exec-capabilityambientset-nfsnobody.service b/test/test-execute/exec-capabilityambientset-nfsnobody.service
new file mode 100644
index 0000000000..614cfdd584
--- /dev/null
+++ b/test/test-execute/exec-capabilityambientset-nfsnobody.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+Type=oneshot
+User=nfsnobody
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
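Review bot: The expected value `0000000000003000` in the `ExecStart=` line is an undocumented magic mask, so anyone changing `AmbientCapabilities=` later has to re-derive it. Add a comment above `ExecStart=`, such as `# 0x3000 = CAP_NET_ADMIN (bit 12) | CAP_NET_RAW (bit 13)`. The quoted `test "$$c" = ...` comparison is also whitespace-sensitive, and the kernel separates the `CapAmb:` label from the value with a tab in /proc/self/status. The separator shows as a space on this page, which may only be a rendering artifact, so confirm the file holds a literal tab. The test also asserts only the ambient set, so for a non-root `User=` it could additionally compare `CapPrm:` and `CapEff:` against the same mask to show that no other capabilities are retained.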