tests: test ambient capabilities.

The ambient capability tests are only run if the kernel has support for ambient capabilities.
author: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-05 13:34:41 +0200
committer: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-12 12:14:50 +0200
commit: 70d7aea5c7270764ee71d6828e76402001afed13 (patch)
tree: 57c25dddc2f558e19cebda3a5ec4a2eb9f6600b0 /test/test-execute
parent: 755d4b67a471ed1a3472b8536cb51315d4e4e3c1 (diff)
2 files changed, 17 insertions, 0 deletions
diff --git a/test/test-execute/exec-capabilityambientset-merge.service b/test/test-execute/exec-capabilityambientset-merge.service
new file mode 100644
index 0000000000..64964380e2
--- /dev/null
+++ b/test/test-execute/exec-capabilityambientset-merge.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-capabilityambientset.service b/test/test-execute/exec-capabilityambientset.service
new file mode 100644
index 0000000000..d63f884ef8
--- /dev/null
+++ b/test/test-execute/exec-capabilityambientset.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
author	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-05 13:34:41 +0200
committer	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-12 12:14:50 +0200
commit	70d7aea5c7270764ee71d6828e76402001afed13 (patch)
tree	57c25dddc2f558e19cebda3a5ec4a2eb9f6600b0 /test/test-execute
parent	755d4b67a471ed1a3472b8536cb51315d4e4e3c1 (diff)