| Index: sandbox/linux/services/credentials_unittest.cc
|
| diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
|
| index 2884e740afef10e3aca7daf1b7cafa1f893bc118..dc085fbc672f6b943ed67f21aa5a99a806a0b09a 100644
|
| --- a/sandbox/linux/services/credentials_unittest.cc
|
| +++ b/sandbox/linux/services/credentials_unittest.cc
|
| @@ -11,6 +11,8 @@
|
| #include <sys/types.h>
|
| #include <unistd.h>
|
|
|
| +#include <vector>
|
| +
|
| #include "base/files/file_path.h"
|
| #include "base/files/file_util.h"
|
| #include "base/files/scoped_file.h"
|
| @@ -161,6 +163,26 @@ SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) {
|
| CHECK(!Credentials::MoveToNewUserNS());
|
| }
|
|
|
| +SANDBOX_TEST(Credentials, SetCapabilities) {
|
| + // Probably missing kernel support.
|
| + if (!Credentials::MoveToNewUserNS()) return;
|
| +
|
| + base::ScopedFD proc_fd(ProcUtil::OpenProc());
|
| +
|
| + CHECK(Credentials::HasCapability(CAP_SYS_ADMIN));
|
| + CHECK(Credentials::HasCapability(CAP_SYS_CHROOT));
|
| +
|
| + const std::vector<cap_value_t> caps = {CAP_SYS_CHROOT};
|
| + CHECK(Credentials::SetCapabilities(proc_fd.get(), caps));
|
| +
|
| + CHECK(!Credentials::HasCapability(CAP_SYS_ADMIN));
|
| + CHECK(Credentials::HasCapability(CAP_SYS_CHROOT));
|
| +
|
| + const std::vector<cap_value_t> no_caps;
|
| + CHECK(Credentials::SetCapabilities(proc_fd.get(), no_caps));
|
| + CHECK(!Credentials::HasAnyCapability());
|
| +}
|
| +
|
| } // namespace.
|
|
|
| } // namespace sandbox.
|
|
|
Chromium Code Reviews
Issue 997463002:
Add SetCapabilities for setting capabilities to an exact set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master