Expand description
On Linux, the “root” user (UID 0) has some special capabilities that “regular” users do not normally have. This can result in weird behavior, e.g., if unit tests (or integration tests) are executed in the context of the “root” user, as Docker® containers do by default! For example, a file that should not be accessible (according to its access permissions) may suddenly become accessible – because the “root” user has the CAP_DAC_OVERRIDE capability, which allows them to access the file regardless of the access permissions. As a result, a test case that expects File::open() to return a “permission denied” error will suddenly start to fail 😨
This crate uses the Linux syscall prctl() with argument PR_CAPBSET_DROP to drop the “root”-specific capabilities at application startup and thus restores the expected behavior. It does nothing on other platforms.
§Usage
Simply add the following code to the top of your test module(s):
#[used]
static DROP_ROOT_CAPS: () = drop_root_caps::set_up();§See also
🔗 https://crates.io/crates/drop-root-caps
🔗 https://github.com/lordmulder/drop-root-caps
Functions§
- set_up
- Dummy set-up function to ensure that our crate will actually be linked