Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1

core:sandbox: Add new ProtectKernelTunables=, ProtectControlGroups=, ProtectSystem=strict and fixes
author: Evgeny Vereshchagin <evvers@ya.ru> 2016-09-28 04:50:30 +0300
committer: GitHub <noreply@github.com> 2016-09-28 04:50:30 +0300
commit: cc238590e472e8bbba6da262ac985ea59ad52c72 (patch)
tree: fc9754e546ccb3a6355bd4157bc590ab93478469 /test/test-execute/exec-privatedevices-yes-capability-mknod.service
parent: b8fafaf4a1cffd02389d61ed92ca7acb1b8c739c (diff)
parent: cdfbd1fb26eb75fe6beca47dce7e5e348b077d97 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/test/test-execute/exec-privatedevices-yes-capability-mknod.service b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
new file mode 100644
index 0000000000..fb1fc2875a
--- /dev/null
+++ b/test/test-execute/exec-privatedevices-yes-capability-mknod.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test CAP_MKNOD capability for PrivateDevices=yes
+
+[Service]
+PrivateDevices=yes
+ExecStart=/bin/sh -x -c '! capsh --print | grep cap_mknod'
+Type=oneshot
author	Evgeny Vereshchagin <evvers@ya.ru>	2016-09-28 04:50:30 +0300
committer	GitHub <noreply@github.com>	2016-09-28 04:50:30 +0300
commit	cc238590e472e8bbba6da262ac985ea59ad52c72 (patch)
tree	fc9754e546ccb3a6355bd4157bc590ab93478469 /test/test-execute/exec-privatedevices-yes-capability-mknod.service
parent	b8fafaf4a1cffd02389d61ed92ca7acb1b8c739c (diff)
parent	cdfbd1fb26eb75fe6beca47dce7e5e348b077d97 (diff)