From 70d7aea5c7270764ee71d6828e76402001afed13 Mon Sep 17 00:00:00 2001
From: Ismo Puustinen <ismo.puustinen@intel.com>
Date: Tue, 5 Jan 2016 13:34:41 +0200
Subject: tests: test ambient capabilities.

The ambient capability tests are only run if the kernel has support for
ambient capabilities.
---
 test/test-execute/exec-capabilityambientset-merge.service | 9 +++++++++
 test/test-execute/exec-capabilityambientset.service       | 8 ++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 test/test-execute/exec-capabilityambientset-merge.service
 create mode 100644 test/test-execute/exec-capabilityambientset.service

(limited to 'test')

diff --git a/test/test-execute/exec-capabilityambientset-merge.service b/test/test-execute/exec-capabilityambientset-merge.service
new file mode 100644
index 0000000000..64964380e2
--- /dev/null
+++ b/test/test-execute/exec-capabilityambientset-merge.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-capabilityambientset.service b/test/test-execute/exec-capabilityambientset.service
new file mode 100644
index 0000000000..d63f884ef8
--- /dev/null
+++ b/test/test-execute/exec-capabilityambientset.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
-- 
cgit v1.2.3-54-g00ecf