Skip to content

test-run: Filter out no-new-privs in capsh output#545

Merged
alexlarsson merged 1 commit intocontainers:mainfrom
smcv:capsh-no-new-privs
Jan 4, 2023
Merged

test-run: Filter out no-new-privs in capsh output#545
alexlarsson merged 1 commit intocontainers:mainfrom
smcv:capsh-no-new-privs

Conversation

@smcv
Copy link
Collaborator

@smcv smcv commented Dec 12, 2022
edited
Loading

Older versions of capsh would only show the capabilities, which we expect not to change when we don't drop capabilities; but newer versions also display whether the NO_NEW_PRIVS bit is set, and we do expect to change that.

Resolves: #544

@smcv
test-run: Filter out no-new-privs in capsh output
87de53f 
Older versions of capsh would only show the capabilities, which we
expect not to change when we don't drop capabilities; but newer
versions also display whether the NO_NEW_PRIVS bit is set, and we *do*
expect to change that.

Resolves: containers#544
Signed-off-by: Simon McVittie <[email protected]>
@smcv smcv marked this pull request as ready for review December 13, 2022 11:06
@smcv smcv removed the help wanted label Dec 13, 2022
@smcv
Copy link
Collaborator Author

smcv commented Dec 13, 2022

I can reproduce this after an upgrade with sudo make check, and this PR does fix it as I hoped.

@smcv smcv mentioned this pull request Jan 3, 2023
Merged
@alexlarsson
Copy link
Collaborator

alexlarsson commented Jan 4, 2023

lgtm

@alexlarsson alexlarsson merged commit 41fd02a into containers:main Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

test regression with recent libcap2 when running as root

2 participants

@smcv @alexlarsson