On Wed, 21 Aug 2024 at 18:03:03 +0200, Paride Legovini wrote:
> With 544a086e10a0192c5950c6211373219ee2227ead we introduced checking for
> capabilities when running the ChrootRunner tests; some more context is
> in the MR description [1].
> 
> However, looks like this prevents running tests where full root
> permissions are available. Looks like the culprit is CAP_SYS_ADMIN
> not being INHERITABLE

I thought these were the right capabilities masks, but perhaps not.
capabilities(7) always confuses me... perhaps instead of PERMITTED &&
INHERITABLE, I should have been checking for PERMITTED && EFFECTIVE?

The goal is that if you run debian/tests/podman (in a VM or on bare metal,
but not in a container), it should skip ChrootRunner, but if you run
debian/tests/autopkgtest (as root or with the ability to sudo, again in a
VM or on bare metal) it should run ChrootRunner.

    smcv
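
An added example, not part of the original message and not autopkgtest's own code: it decodes the `Cap*` masks from `/proc/<pid>/status` and evaluates both candidate checks discussed above for CAP_SYS_ADMIN. The two status excerpts are constructed samples (a typical root shell, where the inheritable set is empty, and a container with a reduced capability set), and the function names are hypothetical.

```python
import re

CAP_SYS_ADMIN = 21  # bit number from <linux/capability.h>

# Constructed sample: root shell on bare metal or in a VM (assumed typical values).
ROOT_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""

# Constructed sample: uid 0 inside a container with a reduced capability set.
CONTAINER_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\t00000000800405fb
CapEff:\t00000000800405fb
CapBnd:\t00000000800405fb
"""


def parse_cap_sets(status_text):
    """Return e.g. {'Inh': int, 'Prm': int, 'Eff': int} from status text."""
    pattern = r"^Cap(\w+):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}


def has_cap(sets, which, cap=CAP_SYS_ADMIN):
    """True if bit `cap` is set in the named capability set."""
    return bool((sets.get(which, 0) >> cap) & 1)


def check_prm_and_inh(sets):
    """The PERMITTED && INHERITABLE form of the check."""
    return has_cap(sets, "Prm") and has_cap(sets, "Inh")


def check_prm_and_eff(sets):
    """The PERMITTED && EFFECTIVE form of the check."""
    return has_cap(sets, "Prm") and has_cap(sets, "Eff")


if __name__ == "__main__":
    samples = (("root", ROOT_STATUS), ("container", CONTAINER_STATUS))
    for name, text in samples:
        s = parse_cap_sets(text)
        print(name, "prm&&inh:", check_prm_and_inh(s),
              "prm&&eff:", check_prm_and_eff(s))
```

To inspect a live process, pass the contents of `/proc/self/status` to `parse_cap_sets()` instead of the samples.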
