void-packages/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch

From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Tue, 23 Mar 2021 11:46:26 -0400
Subject: [PATCH] tests: Actually remove capabilities after dropping them

---
 tests.sh | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git tests.sh tests.sh
index ad71894..8eb4dc0 100755
--- tests.sh
+++ tests.sh
@@ -35,22 +35,25 @@ if [ -t 1 ]; then
 fi
 
 if command -v capsh &>/dev/null; then
-    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
+    if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
 	if [ -n "$BFS_TRIED_DROP" ]; then
             cat >&2 <<EOF
-${RED}error: ${RST} Failed to drop capabilities.
+${RED}error:${RST} Failed to drop capabilities.
 EOF
 
 	    exit 1
 	fi
 
         cat >&2 <<EOF
-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
-${BLD}CAP_DAC_READ_SEARCH${RST}.
+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}cap_dac_override${RST} and
+${BLD}cap_dac_read_search${RST}.
 
 EOF
 
-        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+        BFS_TRIED_DROP=y exec capsh \
+            --drop=cap_dac_override,cap_dac_read_search \
+            --caps=cap_dac_override,cap_dac_read_search-eip \
+            -- "$0" "$@"
     fi
 elif [ "$EUID" -eq 0 ]; then
     UNLESS=
-- 
2.31.1
bfs: update to 2.2. 2021-03-13 16:39:19 +00:00			`From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001`
			`From: Tavian Barnes <tavianator@tavianator.com>`
			`Date: Tue, 23 Mar 2021 11:46:26 -0400`
			`Subject: [PATCH] tests: Actually remove capabilities after dropping them`

			`---`
			`tests.sh \| 13 ++++++++-----`
			`1 file changed, 8 insertions(+), 5 deletions(-)`

			`diff --git tests.sh tests.sh`
			`index ad71894..8eb4dc0 100755`
			`--- tests.sh`
			`+++ tests.sh`
			`@@ -35,22 +35,25 @@ if [ -t 1 ]; then`
			`fi`

			`if command -v capsh &>/dev/null; then`
			`- if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null \|\| capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then`
			`+ if capsh --has-p=cap_dac_override &>/dev/null \|\| capsh --has-p=cap_dac_read_search &>/dev/null; then`
			`if [ -n "$BFS_TRIED_DROP" ]; then`
			`cat >&2 <<EOF`
			`-${RED}error: ${RST} Failed to drop capabilities.`
			`+${RED}error:${RST} Failed to drop capabilities.`
			`EOF`

			`exit 1`
			`fi`

			`cat >&2 <<EOF`
			`-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and`
			`-${BLD}CAP_DAC_READ_SEARCH${RST}.`
			`+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}cap_dac_override${RST} and`
			`+${BLD}cap_dac_read_search${RST}.`

			`EOF`

			`- BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"`
			`+ BFS_TRIED_DROP=y exec capsh \`
			`+ --drop=cap_dac_override,cap_dac_read_search \`
			`+ --caps=cap_dac_override,cap_dac_read_search-eip \`
			`+ -- "$0" "$@"`
			`fi`
			`elif [ "$EUID" -eq 0 ]; then`
			`UNLESS=`
			`--`
			`2.31.1`