diff options
author | Tavian Barnes <tavianator@tavianator.com> | 2021-03-22 17:19:31 -0400 |
---|---|---|
committer | Tavian Barnes <tavianator@tavianator.com> | 2021-03-22 17:19:31 -0400 |
commit | dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f (patch) | |
tree | 45900f9d15073cfc88c9ae2cb6d49d1b8e742777 | |
parent | f459579f2b7657a9dd28c84bc871b773553150c5 (diff) | |
download | bfs-dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f.tar.xz |
tests: Avoid looping forever when failing to drop capabilities
Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
-rwxr-xr-x | tests.sh | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -36,13 +36,21 @@ fi if command -v capsh &>/dev/null; then if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then + if [ -n "$BFS_TRIED_DROP" ]; then + cat >&2 <<EOF +${RED}error: ${RST} Failed to drop capabilities. +EOF + + exit 1 + fi + cat >&2 <<EOF ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and ${BLD}CAP_DAC_READ_SEARCH${RST}. EOF - exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@" + BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@" fi elif [ "$EUID" -eq 0 ]; then UNLESS= |