mirror of
https://github.com/systemd/systemd.git
synced 2026-06-24 08:47:49 +00:00
If sh is not bash, some builtin commands behave slightly differently. E.g. if sh is provided by busybox, its builtin test command does not check if the path is a mount point or not, and 'test -w' only checks the access mode of the inode. So, even if a readonly filesystem is mounted on a directory, the test command may succeed. To avoid such confusion, let's unconditionally use bash.
11 lines
355 B
Desktop File
# SPDX-License-Identifier: LGPL-2.1-or-later

[Unit]
Description=Test bounding set is right with SystemCallFilter and non-root user

[Service]
ExecStart=bash -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_net_bind_service"'
Type=oneshot
User=1
SystemCallFilter=@system-service
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
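The unit above checks the bounding set by grepping the output of `capsh --print`. As an added example (not part of the systemd repository), the same assertion can be made against the `CapBnd` mask the kernel exposes in `/proc/self/status`, using only POSIX sh. The function names are hypothetical, and the capability table is assumed to follow the bit order of `linux/capability.h`.

```shell
#!/bin/sh
# Added example, not systemd code: verify a capability bounding set from the
# kernel's CapBnd hex mask instead of parsing capsh output.

# Capability names in bit order (bit 0 = cap_chown), per linux/capability.h.
CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable
cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock
cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace
cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource
cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write
cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog
cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf
cap_checkpoint_restore"

# decode_capbnd HEXMASK
# Prints the set bits as comma-separated names, lowest bit first.
decode_capbnd() {
    # Reject anything that is not a plain hex string before doing arithmetic.
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out,}$name"
        fi
        bit=$((bit + 1))
    done
    # Bits above the table are reported, not silently dropped, so that an
    # unexpectedly wide bounding set can never compare equal to a narrow one.
    if [ $((mask >> bit)) -ne 0 ]; then
        out="${out:+$out,}unknown"
    fi
    printf '%s\n' "$out"
}

# current_capbnd: prints the CapBnd mask of the calling process.
current_capbnd() {
    sed -n 's/^CapBnd:[[:space:]]*//p' /proc/self/status
}

# bounding_set_is EXPECTED [HEXMASK]
# Succeeds only if the decoded mask equals EXPECTED exactly.
# HEXMASK defaults to the mask of the current process.
bounding_set_is() {
    [ "$(decode_capbnd "${2:-$(current_capbnd)}")" = "$1" ]
}
```

Inside a service configured like the one above, `bounding_set_is cap_net_bind_service` would exit 0; the constructed mask `0000000000000400` (bit 10 only) is the value that corresponds to that unit's `CapabilityBoundingSet=`.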