Crate drop_root_caps


On Linux, the “root” user (UID 0) has some special capabilities that “regular” users do not normally have. This can result in weird behavior, e.g., if unit tests (or integration tests) are executed in the context of the “root” user, as Docker® containers do by default! For example, a file that should not be accessible (according to its access permissions) may suddenly become accessible – because the “root” user has the CAP_DAC_OVERRIDE capability, which allows them to access the file regardless of the access permissions. As a result, a test case that expects File::open() to return a “permission denied” error will suddenly start to fail 😨

This crate uses the Linux syscall prctl() with argument PR_CAPBSET_DROP to drop the “root”-specific capabilities at application startup and thus restores the expected behavior. It does nothing on other platforms.
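An added example (not part of this crate) that a Linux test suite can use to confirm the situation described above: it reads the effective capability mask from /proc/self/status, checks the CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH bits (numbers from linux/capability.h), and probes whether a mode-000 file owned by the process can still be opened. The probe file path is an assumption.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, ErrorKind};
use std::os::unix::fs::PermissionsExt;

/// Capability numbers as defined in <linux/capability.h>.
const CAP_DAC_OVERRIDE: u32 = 1;
const CAP_DAC_READ_SEARCH: u32 = 2;

/// Is capability `cap` set in a hex capability mask as printed in /proc/self/status?
fn cap_in_mask(hex_mask: &str, cap: u32) -> bool {
    let mask = u64::from_str_radix(hex_mask.trim(), 16).unwrap_or(0);
    mask & (1u64 << cap) != 0
}

/// Read one mask line ("CapEff", "CapBnd", ...) from /proc/self/status.
fn read_cap_mask(name: &str) -> io::Result<String> {
    let status = fs::read_to_string("/proc/self/status")?;
    status
        .lines()
        .find_map(|l| l.strip_prefix(name).and_then(|rest| rest.strip_prefix(':')))
        .map(|v| v.trim().to_string())
        .ok_or_else(|| io::Error::new(ErrorKind::NotFound, format!("{name} not in status")))
}

/// True if this process can currently bypass file permission checks for reads.
fn can_bypass_dac() -> io::Result<bool> {
    let eff = read_cap_mask("CapEff")?;
    Ok(cap_in_mask(&eff, CAP_DAC_OVERRIDE) || cap_in_mask(&eff, CAP_DAC_READ_SEARCH))
}

/// Create a mode-000 file we own (assumed path under the temp dir) and try to open it.
/// Returns None if the open succeeded (permissions bypassed), else the error kind.
fn probe_mode_000_open() -> io::Result<Option<ErrorKind>> {
    let path = std::env::temp_dir().join(format!("drop_root_caps_probe_{}", std::process::id()));
    File::create(&path)?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o000))?;
    let outcome = OpenOptions::new().read(true).open(&path).map(|_| ()).err().map(|e| e.kind());
    let _ = fs::remove_file(&path);
    Ok(outcome)
}

fn main() -> io::Result<()> {
    let bypass = can_bypass_dac()?;
    let outcome = probe_mode_000_open()?;
    println!("CapEff allows DAC bypass: {bypass}; opening a mode-000 file gave: {outcome:?}");
    Ok(())
}
```

Without the capabilities dropped, a root process reports `bypass = true` and the probe returns `None`, which is exactly the test failure described above.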

§Usage

Simply add the following code to the top of your test module(s):

```rust
#[used]
static DROP_ROOT_CAPS: () = drop_root_caps::set_up();
```

§Features

The ctor feature, which is enabled by default, uses the ctor crate to drop the “root” user capabilities before the main() function or any of your #[test] functions run. This is the recommended way to use this crate 😎

If you disable the ctor feature, then drop_root_caps() must be called explicitly, because it will not be called automatically. However, if the ctor feature is enabled (the default), then calling drop_root_caps() is not required or useful!

Note: For the ctor feature to work as expected, you must call the set_up() function from a #[used] static, as described above 🚨

§See also

🔗 https://crates.io/crates/drop-root-caps
🔗 https://github.com/lordmulder/drop-root-caps

§Functions

- drop_root_caps: Drop the “root” user capabilities now.
- set_up: Dummy set-up function to ensure that our crate will actually be linked.