Index: sandbox/linux/services/namespace_utils_unittest.cc |
diff --git a/sandbox/linux/services/namespace_utils_unittest.cc b/sandbox/linux/services/namespace_utils_unittest.cc |
index 42b469d8bbbb748a6ad62b594db48b2c01da59c8..41ed7e89a6e5bdae500b4f8cd32da10933937700 100644 |
--- a/sandbox/linux/services/namespace_utils_unittest.cc |
+++ b/sandbox/linux/services/namespace_utils_unittest.cc |
@@ -40,10 +40,17 @@ SANDBOX_TEST(NamespaceUtils, WriteToIdMapFile) { |
const uid_t uid = getuid(); |
const gid_t gid = getgid(); |
+ const bool supports_deny_setgroups = |
+ NamespaceUtils::KernelSupportsDenySetgroups(); |
+ |
const pid_t pid = |
base::ForkWithFlags(CLONE_NEWUSER | SIGCHLD, nullptr, nullptr); |
ASSERT_NE(-1, pid); |
if (pid == 0) { |
+ if (supports_deny_setgroups) { |
+ RAW_CHECK(NamespaceUtils::DenySetgroups()); |
+ } |
+ |
RAW_CHECK(getuid() != uid); |
RAW_CHECK(NamespaceUtils::WriteToIdMapFile("/proc/self/uid_map", uid)); |
RAW_CHECK(getuid() == uid); |