systemd/test/test-execute/exec-ambientcapabilities-merge-nfsnobody.service

# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
Description=Test for AmbientCapabilities

[Service]
ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb:	0000000000002001"'
Type=oneshot
User=nfsnobody
AmbientCapabilities=CAP_CHOWN
AmbientCapabilities=CAP_NET_RAW
tests: add spdx license header to test unit/link/network/conf files Those are all consumed by our parser, so they all support comments. I was considering whether they should have a license header at all, but in the end I decided to add it because those files are often created by copying parts of real unit files. And if the real ones have a license, then those might as well. It's easier to add it than to make an exception. 2021-10-17 16:07:22 +00:00			`# SPDX-License-Identifier: LGPL-2.1-or-later`
test-execute: add nfsnobody alternative as a nobody user 2016-02-28 14:00:18 +00:00			`[Unit]`
			`Description=Test for AmbientCapabilities`

			`[Service]`
tests: use relative paths in ExecStart= and friends We want to retain some of the full paths in order to test more code paths. But the default should be to use the command name only. This makes the tests less visually cluttered. 2024-01-04 14:24:52 +00:00			`ExecStart=sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000002001"'`
test-execute: add nfsnobody alternative as a nobody user 2016-02-28 14:00:18 +00:00			`Type=oneshot`
			`User=nfsnobody`
test-execute: use CAP_CHOWN instead of CAP_NET_ADMIN CAP_NET_ADMIN is somtrimes dropped by container runtime. This changes to use CAP_CHOWN instead of CAP_NET_ADMIN, as it is less likely to be dropped. 2018-03-04 15:02:22 +00:00			`AmbientCapabilities=CAP_CHOWN`
test-execute: add nfsnobody alternative as a nobody user 2016-02-28 14:00:18 +00:00			`AmbientCapabilities=CAP_NET_RAW`