summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xtests.sh13
1 files changed, 8 insertions, 5 deletions
diff --git a/tests.sh b/tests.sh
index ad71894..8eb4dc0 100755
--- a/tests.sh
+++ b/tests.sh
@@ -35,22 +35,25 @@ if [ -t 1 ]; then
fi
if command -v capsh &>/dev/null; then
- if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
+ if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
if [ -n "$BFS_TRIED_DROP" ]; then
cat >&2 <<EOF
-${RED}error: ${RST} Failed to drop capabilities.
+${RED}error:${RST} Failed to drop capabilities.
EOF
exit 1
fi
cat >&2 <<EOF
-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
-${BLD}CAP_DAC_READ_SEARCH${RST}.
+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}cap_dac_override${RST} and
+${BLD}cap_dac_read_search${RST}.
EOF
- BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ BFS_TRIED_DROP=y exec capsh \
+ --drop=cap_dac_override,cap_dac_read_search \
+ --caps=cap_dac_override,cap_dac_read_search-eip \
+ -- "$0" "$@"
fi
elif [ "$EUID" -eq 0 ]; then
UNLESS=