Skip to content

Make tests pass if we are euid != 0 with capabilities

Simon McVittie requested to merge wip/smcv/but-what-if-capabilities into master

  • tests: Cope with having CAP_DAC_OVERRIDE, even if not euid 0

    Some CI platforms invoke these tests with euid != 0 but with capabilities. Detect whether we have Linux CAP_DAC_OVERRIDE or other OSs' equivalents, and skip tests that rely on DAC permissions being denied if we do have that privilege.

    Fixes: #2027 (closed), #2028 (closed)

  • tests: Don't assume that unprivileged uids are bound by RLIMIT_NPROC

    Some CI platforms invoke tests as euid != 0, but with capabilities that include CAP_SYS_RESOURCE and/or CAP_SYS_ADMIN. If we detect this, we can't test what happens if our RLIMIT_NPROC is too low to create a thread, because RLIMIT_NPROC is bypassed in these cases.

    Fixes: #2029 (closed)

Tested locally as an unprivileged uid != 0 and as fully-privileged uid 0, and on Gitlab-CI as uid != 0 with capabilities.

Edited by Simon McVittie

Merge request reports