test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN

CAP_NET_ADMIN is somtrimes dropped by container runtime. This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is less likely to be dropped.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-03-05 00:02:22 +0900
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-03-05 00:02:22 +0900
commit: e5ba1d324d3bda239907cd704a2f9646e777b820 (patch)
tree: 93d51690daee4d311b805343757578301e348f6b /test
parent: test-execute: check capabilities before running tests (diff)
download: systemd-e5ba1d324d3bda239907cd704a2f9646e777b820.tar.xz
systemd-e5ba1d324d3bda239907cd704a2f9646e777b820.zip
6 files changed, 12 insertions, 12 deletions
diff --git a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
index 00bec581b5f..d2cadebde45 100644
--- a/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-merge-nobody.service b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
index 64964380e27..545081d6292 100644
--- a/test/test-execute/exec-ambientcapabilities-merge-nobody.service
+++ b/test/test-execute/exec-ambientcapabilities-merge-nobody.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-merge.service b/test/test-execute/exec-ambientcapabilities-merge.service
index 22b4c6d49e6..2e3fe59124f 100644
--- a/test/test-execute/exec-ambientcapabilities-merge.service
+++ b/test/test-execute/exec-ambientcapabilities-merge.service
@@ -2,8 +2,8 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_CHOWN
 AmbientCapabilities=CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-nfsnobody.service b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
index 614cfdd5849..9377ee16b2d 100644
--- a/test/test-execute/exec-ambientcapabilities-nfsnobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nfsnobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=nfsnobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities-nobody.service b/test/test-execute/exec-ambientcapabilities-nobody.service
index d63f884ef83..07a6c7511db 100644
--- a/test/test-execute/exec-ambientcapabilities-nobody.service
+++ b/test/test-execute/exec-ambientcapabilities-nobody.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=nobody
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW
diff --git a/test/test-execute/exec-ambientcapabilities.service b/test/test-execute/exec-ambientcapabilities.service
index 0a3cfa4bf6d..d91cc09a485 100644
--- a/test/test-execute/exec-ambientcapabilities.service
+++ b/test/test-execute/exec-ambientcapabilities.service
@@ -2,7 +2,7 @@
 Description=Test for AmbientCapabilities (daemon)
 
 [Service]
-ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000003000"'
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
 Type=oneshot
 User=daemon
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
+AmbientCapabilities=CAP_CHOWN CAP_NET_RAW
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-03-05 00:02:22 +0900
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-03-05 00:02:22 +0900
commit	e5ba1d324d3bda239907cd704a2f9646e777b820 (patch)
tree	93d51690daee4d311b805343757578301e348f6b /test
parent	test-execute: check capabilities before running tests (diff)
download	systemd-e5ba1d324d3bda239907cd704a2f9646e777b820.tar.xz systemd-e5ba1d324d3bda239907cd704a2f9646e777b820.zip