Home | History | Annotate | Download | only in src 
      1 #!/bin/sh
      2 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
      3 # Use of this source code is governed by a BSD-style license that can be
      4 # found in the LICENSE file.
      5 # args: -u 1000 -g 1000 -c 2
      6 # note that 2 = CAP_DAC_OVERRIDE
      7 
      8 . "$(dirname "$0")"/common.sh
      9 
     10 needreuid 1000
     11 needregid 1000
     12 
     13 # Test we've kept CAP_DAC_OVERRIDE.
     14 [ ! -w "$0" ] && die "Can't write to '$0'"
     15 
     16 # Test we've lost everything else.
     17 mismatch=""
     18 matched=0
     19 while read line; do
     20     if echo "$line" | grep -q '^CapEff:'; then
     21         caps=$(echo "$line" | awk '{print $NF}')
     22         if echo "$caps" | grep -q '^0000000000000002$'; then
     23             matched=1
     24         else
     25             mismatch="$caps"
     26         fi
     27     fi
     28 done </proc/self/status
     29 [ $matched -eq 1 ] || die "Did not drop non-CAP_DAC_OVERRIDE caps: $mismatch"
     30 
     31 exit 0
     32