add test for apply bounding or ambient caps for other process

Signed-off-by: lifubang <lifubang@acmcoder.com>
moby · Oct 15, 2024 · d85f137 · d85f137
1 parent 9638323
commit d85f137
Showing 1 changed file with 34 additions and 3 deletions.
diff --git a/capability/capability_test.go b/capability/capability_test.go
@@ -2,13 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package capability_test
+package capability
 
 import (
+ "errors"
  "runtime"
  "testing"
-
- . "github.com/moby/sys/capability"
 )
 
 // Based on the fact Go 1.18+ supports Linux >= 2.6.32, and
@@ -151,3 +150,35 @@ func TestAmbientCapSet(t *testing.T) {
  }
  }
 }
+
+func TestApplyAmbientCapsForOtherProcess(t *testing.T) {
+ if runtime.GOOS != "linux" {
+ return
+ }
+ requirePCapSet(t)
+
+ pid, err := NewPid(1)
+ if err != nil {
+ t.Fatal(err)
+ }
+ err = pid.Apply(AMBIENT)
+ if !errors.Is(err, errAmbientNotMine) {
+ t.Fatalf("expected not support error when rasing ambient caps for other process, but got: %v", err)
+ }
+}
+
+func TestApplyBoundingCapsForOtherProcess(t *testing.T) {
+ if runtime.GOOS != "linux" {
+ return
+ }
+ requirePCapSet(t)
+
+ pid, err := NewPid(1)
+ if err != nil {
+ t.Fatal(err)
+ }
+ err = pid.Apply(BOUNDING)
+ if !errors.Is(err, errBoundingNotMine) {
+ t.Fatalf("expected not support error when drop bounding caps for other process, but got: %v", err)
+ }
+}