summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTavian Barnes <tavianator@tavianator.com>2021-03-22 17:19:31 -0400
committerTavian Barnes <tavianator@tavianator.com>2021-03-22 17:19:31 -0400
commitdbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f (patch)
tree45900f9d15073cfc88c9ae2cb6d49d1b8e742777
parentf459579f2b7657a9dd28c84bc871b773553150c5 (diff)
downloadbfs-dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f.tar.xz
tests: Avoid looping forever when failing to drop capabilities
Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
-rwxr-xr-xtests.sh10
1 files changed, 9 insertions, 1 deletions
diff --git a/tests.sh b/tests.sh
index 0bdd1d4..ad71894 100755
--- a/tests.sh
+++ b/tests.sh
@@ -36,13 +36,21 @@ fi
if command -v capsh &>/dev/null; then
if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
+ if [ -n "$BFS_TRIED_DROP" ]; then
+ cat >&2 <<EOF
+${RED}error: ${RST} Failed to drop capabilities.
+EOF
+
+ exit 1
+ fi
+
cat >&2 <<EOF
${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
${BLD}CAP_DAC_READ_SEARCH${RST}.
EOF
- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
fi
elif [ "$EUID" -eq 0 ]; then
UNLESS=