diff options
| author | Alan Somers <asomers@gmail.com> | 2019-05-26 17:47:49 -0600 |
|---|---|---|
| committer | Alan Somers <asomers@gmail.com> | 2019-06-06 08:51:54 -0600 |
| commit | 913f8f4748a902842e84f23e00adcddeead4a7a9 (patch) | |
| tree | 95ed8048da4c86a30500737458a5ff46514fb5bf /test/sys | |
| parent | 99c42bbfbae06b386c777e6151c631c9e414cd6f (diff) | |
| download | nix-913f8f4748a902842e84f23e00adcddeead4a7a9.zip | |
Fix the is_so_mark_functional test in Linux containers
It's not sufficient to check for root privileges. In a container, the
euid may be root even though the user lacks some capabilities. Replace
this test's root check with a check for the CAP_NET_ADMIN capability
instead.
Diffstat (limited to 'test/sys')
| -rw-r--r-- | test/sys/test_sockopt.rs | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/sys/test_sockopt.rs b/test/sys/test_sockopt.rs index efe2c56b..5dcdfc02 100644 --- a/test/sys/test_sockopt.rs +++ b/test/sys/test_sockopt.rs @@ -1,6 +1,27 @@ use rand::{thread_rng, Rng}; use nix::sys::socket::{socket, sockopt, getsockopt, setsockopt, AddressFamily, SockType, SockFlag, SockProtocol}; +#[cfg(target_os = "linux")] +#[test] +fn is_so_mark_functional() { + use ::caps::{Capability, CapSet, has_cap}; + use ::std::io::{self, Write}; + use nix::sys::socket::sockopt; + + if !has_cap(None, CapSet::Effective, Capability::CAP_NET_ADMIN).unwrap() { + let stderr = io::stderr(); + let mut handle = stderr.lock(); + writeln!(handle, "SO_MARK requires CAP_NET_ADMIN. Skipping test.") + .unwrap(); + return; + } + + let s = socket(AddressFamily::Inet, SockType::Stream, SockFlag::empty(), None).unwrap(); + setsockopt(s, sockopt::Mark, &1337).unwrap(); + let mark = getsockopt(s, sockopt::Mark).unwrap(); + assert_eq!(mark, 1337); +} + #[test] fn test_so_buf() { let fd = socket(AddressFamily::Inet, SockType::Datagram, SockFlag::empty(), SockProtocol::Udp) |