41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
|
|
From: Tavian Barnes <tavianator@tavianator.com>
|
|
Date: Mon, 22 Mar 2021 17:19:31 -0400
|
|
Subject: [PATCH] tests: Avoid looping forever when failing to drop
|
|
capabilities
|
|
|
|
Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
|
|
---
|
|
tests.sh | 10 +++++++++-
|
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git tests.sh tests.sh
|
|
index 0bdd1d4..ad71894 100755
|
|
--- tests.sh
|
|
+++ tests.sh
|
|
@@ -36,13 +36,21 @@ fi
|
|
|
|
if command -v capsh &>/dev/null; then
|
|
if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
|
|
+ if [ -n "$BFS_TRIED_DROP" ]; then
|
|
+ cat >&2 <<EOF
|
|
+${RED}error: ${RST} Failed to drop capabilities.
|
|
+EOF
|
|
+
|
|
+ exit 1
|
|
+ fi
|
|
+
|
|
cat >&2 <<EOF
|
|
${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
|
|
${BLD}CAP_DAC_READ_SEARCH${RST}.
|
|
|
|
EOF
|
|
|
|
- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
|
+ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
|
fi
|
|
elif [ "$EUID" -eq 0 ]; then
|
|
UNLESS=
|
|
--
|
|
2.31.0
|
|
|