diff options
| -rwxr-xr-x | tests.sh | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -35,22 +35,25 @@ if [ -t 1 ]; then fi if command -v capsh &>/dev/null; then - if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then + if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then if [ -n "$BFS_TRIED_DROP" ]; then cat >&2 <<EOF -${RED}error: ${RST} Failed to drop capabilities. +${RED}error:${RST} Failed to drop capabilities. EOF exit 1 fi cat >&2 <<EOF -${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and -${BLD}CAP_DAC_READ_SEARCH${RST}. +${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}cap_dac_override${RST} and +${BLD}cap_dac_read_search${RST}. EOF - BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@" + BFS_TRIED_DROP=y exec capsh \ + --drop=cap_dac_override,cap_dac_read_search \ + --caps=cap_dac_override,cap_dac_read_search-eip \ + -- "$0" "$@" fi elif [ "$EUID" -eq 0 ]; then UNLESS= |