def test_setcaps(self):
"""Test the setcaps function"""
if self.am_root:
prctl.set_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS, True))
else:
self.assertRaises(OSError, prctl.set_caps,
(prctl.CAP_SETUID, prctl.ALL_FLAGS, True))
self.assertEqual(
prctl.get_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS)), {
prctl.CAP_EFFECTIVE: {
prctl.CAP_SETUID: self.am_root
},
prctl.CAP_PERMITTED: {
prctl.CAP_SETUID: self.am_root
},
prctl.CAP_INHERITABLE: {
prctl.CAP_SETUID: self.am_root
}
})
prctl.set_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS, False))
self.assertEqual(
prctl.get_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS)), {
prctl.CAP_EFFECTIVE: {
prctl.CAP_SETUID: False
},
prctl.CAP_PERMITTED: {
prctl.CAP_SETUID: False
},
prctl.CAP_INHERITABLE: {
prctl.CAP_SETUID: False
}
})
self.assertRaises(OSError, prctl.set_caps,
(prctl.CAP_SETUID, prctl.ALL_FLAGS, True))
def __drop_caps(self):
""" drop the CAP_NET_ADMIN capability """
try:
import prctl
prctl.set_caps((prctl.CAP_NET_ADMIN, prctl.CAP_EFFECTIVE, False))
except OSError, e:
import Zorp.Common
Zorp.Common.log(None, Zorp.Common.CORE_ERROR, 1, "Unable to drop NET_ADMIN capability; error='%s'" % (e))
raise e
def __acquire_caps(self):
""" aquire the CAP_NET_ADMIN capability """
try:
import prctl
prctl.set_caps((prctl.CAP_NET_ADMIN, prctl.CAP_EFFECTIVE, True))
except OSError, e:
import Zorp.Common
Zorp.Common.log(None, Zorp.Common.CORE_ERROR, 1, "Unable to acquire NET_ADMIN capability; error='%s'" % (e))
raise e
def __drop_caps(self):
""" drop the CAP_NET_ADMIN capability """
try:
import prctl
prctl.set_caps((prctl.CAP_NET_ADMIN, prctl.CAP_EFFECTIVE, False))
except OSError, e:
import Zorp.Common
Zorp.Common.log(
None, Zorp.Common.CORE_ERROR, 1,
"Unable to drop NET_ADMIN capability; error='%s'" % (e))
raise e
def __acquire_caps(self):
""" aquire the CAP_NET_ADMIN capability """
try:
import prctl
prctl.set_caps((prctl.CAP_NET_ADMIN, prctl.CAP_EFFECTIVE, True))
except OSError, e:
import Zorp.Common
Zorp.Common.log(
None, Zorp.Common.CORE_ERROR, 1,
"Unable to acquire NET_ADMIN capability; error='%s'" % (e))
raise e
def test_setcaps(self):
"""Test the setcaps function"""
if self.am_root:
prctl.set_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS, True))
else:
self.assertRaises(OSError, prctl.set_caps, (prctl.CAP_SETUID, prctl.ALL_FLAGS, True))
self.assertEqual(prctl.get_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS)),
{prctl.CAP_EFFECTIVE: {prctl.CAP_SETUID: self.am_root},
prctl.CAP_PERMITTED: {prctl.CAP_SETUID: self.am_root},
prctl.CAP_INHERITABLE: {prctl.CAP_SETUID: self.am_root}})
prctl.set_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS, False))
self.assertEqual(prctl.get_caps((prctl.CAP_SETUID, prctl.ALL_FLAGS)),
{prctl.CAP_EFFECTIVE: {prctl.CAP_SETUID: False},
prctl.CAP_PERMITTED: {prctl.CAP_SETUID: False},
prctl.CAP_INHERITABLE: {prctl.CAP_SETUID: False}})
self.assertRaises(OSError, prctl.set_caps, (prctl.CAP_SETUID, prctl.ALL_FLAGS, True))