test-execute: check capabilities before running tests

Fixes #8193.

1 files changed, 14 insertions, 0 deletions

diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index ce88e2ea07..788249e885 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -24,6 +24,7 @@
 #include <sys/prctl.h>
 #include <sys/types.h>
 
+#include "capability-util.h"
 #include "cpu-set-util.h"
 #include "errno-list.h"
 #include "fileio.h"
@@ -532,6 +533,13 @@ static void test_exec_capabilityboundingset(Manager *m) {
                 return;
         }
 
+        if (have_effective_cap(CAP_CHOWN) <= 0 ||
+            have_effective_cap(CAP_FOWNER) <= 0 ||
+            have_effective_cap(CAP_KILL) <= 0) {
+                log_notice("Skipping %s, this process does not have enough capabilities", __func__);
+                return;
+        }
+
         test(m, "exec-capabilityboundingset-simple.service", 0, CLD_EXITED);
         test(m, "exec-capabilityboundingset-reset.service", 0, CLD_EXITED);
         test(m, "exec-capabilityboundingset-merge.service", 0, CLD_EXITED);
@@ -551,6 +559,12 @@ static void test_exec_ambientcapabilities(Manager *m) {
                 return;
         }
 
+        if (have_effective_cap(CAP_NET_ADMIN) <= 0 ||
+            have_effective_cap(CAP_NET_RAW) <= 0) {
+                log_notice("Skipping %s, this process does not have enough capabilities", __func__);
+                return;
+        }
+
         test(m, "exec-ambientcapabilities.service", 0, CLD_EXITED);
         test(m, "exec-ambientcapabilities-merge.service", 0, CLD_EXITED);