/usr/lib/python2.7/dist-packages/oslo_privsep/tests/test_capabilities.py is in python-oslo.privsep 1.27.0-0ubuntu3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | # Copyright 2015 Rackspace Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from oslotest import base
from oslo_privsep import capabilities
class TestCapabilities(base.BaseTestCase):
@mock.patch('oslo_privsep.capabilities._prctl')
def test_set_keepcaps_error(self, mock_prctl):
mock_prctl.return_value = -1
self.assertRaises(OSError, capabilities.set_keepcaps, True)
@mock.patch('oslo_privsep.capabilities._prctl')
def test_set_keepcaps(self, mock_prctl):
mock_prctl.return_value = 0
capabilities.set_keepcaps(True)
# Disappointingly, ffi.cast(type, 1) != ffi.cast(type, 1)
# so can't just use assert_called_once_with :-(
self.assertEqual(1, mock_prctl.call_count)
self.assertItemsEqual(
[8, 1], # [PR_SET_KEEPCAPS, true]
[int(x) for x in mock_prctl.call_args[0]])
@mock.patch('oslo_privsep.capabilities._capset')
def test_drop_all_caps_except_error(self, mock_capset):
mock_capset.return_value = -1
self.assertRaises(
OSError, capabilities.drop_all_caps_except, [0], [0], [0])
@mock.patch('oslo_privsep.capabilities._capset')
def test_drop_all_caps_except(self, mock_capset):
mock_capset.return_value = 0
# Somewhat arbitrary bit patterns to exercise _caps_to_mask
capabilities.drop_all_caps_except(
(17, 24, 49), (8, 10, 35, 56), (24, 31, 40))
self.assertEqual(1, mock_capset.call_count)
hdr, data = mock_capset.call_args[0]
self.assertEqual(0x20071026, # _LINUX_CAPABILITY_VERSION_2
hdr.version)
self.assertEqual(0x01020000, data[0].effective)
self.assertEqual(0x00020000, data[1].effective)
self.assertEqual(0x00000500, data[0].permitted)
self.assertEqual(0x01000008, data[1].permitted)
self.assertEqual(0x81000000, data[0].inheritable)
self.assertEqual(0x00000100, data[1].inheritable)
@mock.patch('oslo_privsep.capabilities._capget')
def test_get_caps_error(self, mock_capget):
mock_capget.return_value = -1
self.assertRaises(OSError, capabilities.get_caps)
@mock.patch('oslo_privsep.capabilities._capget')
def test_get_caps(self, mock_capget):
def impl(hdr, data):
# Somewhat arbitrary bit patterns to exercise _mask_to_caps
data[0].effective = 0x01020000
data[1].effective = 0x00020000
data[0].permitted = 0x00000500
data[1].permitted = 0x01000008
data[0].inheritable = 0x81000000
data[1].inheritable = 0x00000100
return 0
mock_capget.side_effect = impl
self.assertItemsEqual(
([17, 24, 49],
[8, 10, 35, 56],
[24, 31, 40]),
capabilities.get_caps())
|