test-execute: add no_new_privs tests for SystemCallFilter

When starting a service with a non-root user and a SystemCallFilter and
other settings (like ProtectClock), the no_new_privs flag should not be set.

Also, test that CapabilityBoundingSet behaves correctly, since we need
to preserve some capabilities to do the seccomp filter and restore the
ones set by the service before executing.

0 files changed, 0 insertions, 0 deletions