1#!/bin/sh 2# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5# args: -u 1000 -g 1000 -c 2 6# note that 2 = CAP_DAC_OVERRIDE 7 8. "$(dirname "$0")"/common.sh 9 10needreuid 1000 11needregid 1000 12 13# Test we've kept CAP_DAC_OVERRIDE. 14[ ! -w "$0" ] && die "Can't write to '$0'" 15 16# Test we've lost everything else. 17mismatch="" 18matched=0 19while read line; do 20 if echo "$line" | grep -q '^CapEff:'; then 21 caps=$(echo "$line" | awk '{print $NF}') 22 if echo "$caps" | grep -q '^0000000000000002$'; then 23 matched=1 24 else 25 mismatch="$caps" 26 fi 27 fi 28done </proc/self/status 29[ $matched -eq 1 ] || die "Did not drop non-CAP_DAC_OVERRIDE caps: $mismatch" 30 31exit 0 32