Skip to content

Commit

Permalink
doc: add comments
Browse files Browse the repository at this point in the history
  • Loading branch information
@desbma
desbma committed Jul 15, 2024
1 parent 57fbeb5 commit 8ec737a
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/systemd/options.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1295,6 +1295,9 @@ pub fn build_options(
"CAP_CHOWN",
OptionValueEffect::DenySyscalls(DenySyscalls::Class("chown")),
),
// CAP_NET_BIND_SERVICE would be too complex/unreliable to handle:
// - for IPv4 sockets, either PROT_SOCK or net.ipv4.ip_unprivileged_port_start sysctl control the provileged port threshold
// - for other socket families, rules are different
(
"CAP_SYS_BOOT",
OptionValueEffect::DenySyscalls(DenySyscalls::Class("reboot")),
Expand Down
2 changes: 2 additions & 0 deletions tests/cl.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ use predicates::prelude::*;
// tests.
//

// TODO test CapabilityBoundingSet

#[test]
fn run_true() {
Command::cargo_bin(env!("CARGO_PKG_NAME"))
Expand Down

0 comments on commit 8ec737a

Please sign in to comment.