mirror of
https://github.com/systemd/systemd
synced 2024-11-05 18:25:39 +00:00
63403f07b0
We want to retain *some* of the full paths in order to test more code paths. But the default should be to use the command name only. This makes the tests less visually cluttered.
10 lines
353 B
Desktop File
10 lines
353 B
Desktop File
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
[Unit]
|
|
Description=Test bounding set is right with SystemCallFilter and non-root user
|
|
|
|
[Service]
|
|
ExecStart=sh -x -c 'c=$$(capsh --print | grep "Bounding set "); test "$$c" = "Bounding set =cap_net_bind_service"'
|
|
Type=oneshot
|
|
User=1
|
|
SystemCallFilter=@system-service
|
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|