diff options
author | Alan Somers <asomers@gmail.com> | 2019-05-26 18:07:52 -0600 |
---|---|---|
committer | Alan Somers <asomers@gmail.com> | 2019-06-06 08:51:54 -0600 |
commit | d39bdbdd9cbe6bb5c782c8ea14932ec62c272764 (patch) | |
tree | 4bb4d8c2f05647568d4b466f8e8dd3eed8ea3c23 /test/test_kmod/mod.rs | |
parent | 913f8f4748a902842e84f23e00adcddeead4a7a9 (diff) | |
download | nix-d39bdbdd9cbe6bb5c782c8ea14932ec62c272764.zip |
Fix kmod tests on in Linux containers
It's not sufficient to check for root privileges, because a
containerized process may have root's euid but still lack important
capabilities. Fix these tests by checking for the CAP_SYS_MOD
capability.
Diffstat (limited to 'test/test_kmod/mod.rs')
-rw-r--r-- | test/test_kmod/mod.rs | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/test/test_kmod/mod.rs b/test/test_kmod/mod.rs index e0cb0df5..86558d1b 100644 --- a/test/test_kmod/mod.rs +++ b/test/test_kmod/mod.rs @@ -40,7 +40,7 @@ use std::io::Read; #[test] fn test_finit_and_delete_module() { - skip_if_not_root!("test_finit_module"); + require_capability!(CAP_SYS_MODULE); let (kmod_path, kmod_name, _kmod_dir) = compile_kernel_module(); @@ -56,7 +56,7 @@ fn test_finit_and_delete_module() { #[test] fn test_finit_and_delete_modul_with_params() { - skip_if_not_root!("test_finit_module_with_params"); + require_capability!(CAP_SYS_MODULE); let (kmod_path, kmod_name, _kmod_dir) = compile_kernel_module(); @@ -75,7 +75,7 @@ fn test_finit_and_delete_modul_with_params() { #[test] fn test_init_and_delete_module() { - skip_if_not_root!("test_init_module"); + require_capability!(CAP_SYS_MODULE); let (kmod_path, kmod_name, _kmod_dir) = compile_kernel_module(); @@ -93,7 +93,7 @@ fn test_init_and_delete_module() { #[test] fn test_init_and_delete_module_with_params() { - skip_if_not_root!("test_init_module"); + require_capability!(CAP_SYS_MODULE); let (kmod_path, kmod_name, _kmod_dir) = compile_kernel_module(); @@ -112,7 +112,7 @@ fn test_init_and_delete_module_with_params() { #[test] fn test_finit_module_invalid() { - skip_if_not_root!("test_finit_module_invalid"); + require_capability!(CAP_SYS_MODULE); let kmod_path = "/dev/zero"; @@ -124,7 +124,7 @@ fn test_finit_module_invalid() { #[test] fn test_finit_module_twice_and_delete_module() { - skip_if_not_root!("test_finit_module_twice_and_delete_module"); + require_capability!(CAP_SYS_MODULE); let (kmod_path, kmod_name, _kmod_dir) = compile_kernel_module(); @@ -144,7 +144,7 @@ fn test_finit_module_twice_and_delete_module() { #[test] fn test_delete_module_not_loaded() { - skip_if_not_root!("test_delete_module_not_loaded"); + require_capability!(CAP_SYS_MODULE); let result = delete_module(&CString::new("hello").unwrap(), DeleteModuleFlags::empty()); |