void-packages/srcpkgs/bfs/patches/0002-tests-Avoid-looping-fo...

42 lines
1.2 KiB
Diff

From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Mon, 22 Mar 2021 17:19:31 -0400
Subject: [PATCH] tests: Avoid looping forever when failing to drop
capabilities
Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
---
tests.sh | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git tests.sh tests.sh
index 0bdd1d4..ad71894 100755
--- tests.sh
+++ tests.sh
@@ -36,13 +36,21 @@ fi
if command -v capsh &>/dev/null; then
if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
+ if [ -n "$BFS_TRIED_DROP" ]; then
+ cat >&2 <<EOF
+${RED}error: ${RST} Failed to drop capabilities.
+EOF
+
+ exit 1
+ fi
+
cat >&2 <<EOF
${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
${BLD}CAP_DAC_READ_SEARCH${RST}.
EOF
- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
fi
elif [ "$EUID" -eq 0 ]; then
UNLESS=
--
2.31.0