systemd/test/test-execute/exec-capabilityboundingset-invert.service
Zbigniew Jędrzejewski-Szmek c725631f4b test-execute: simplify checks if grep output is empty
grep already indicates if it matched anything by return value.
Additional advantage is then that if the test fails, the unexpected
matching lines are visible in the log output.
2018-03-22 15:57:56 +01:00

8 lines
184 B
Desktop File

[Unit]
Description=Test for CapabilityBoundingSet
[Service]
ExecStart=/bin/sh -x -c '! capsh --print | grep "^Bounding set .*cap_chown"'
Type=oneshot
CapabilityBoundingSet=~CAP_CHOWN