BACKGROUND: The skid_file_metadata_writeset_ownership(), defined in code/test/check_sfmw_set_ownership.c, dynamically decide expected results based on the environment (e.g., starting ownership, whoami). This was done because there's no way of know what user will execute these tests so the test cases dynamically respond to formulate the expected result. It currently works for root and the user that owns the cloned repo.
PROBLEM: What it doesn't account for is a user with the CAP_CHOWN capability. Any user with this capability that executes the test cases will get a false negative.
SOLUTION:
Add the necessary capabilities(7) functionality into devops_code
Update determine_exp_return() in check_sfmw_set_ownership.c to use this functionality
BACKGROUND: The
skid_file_metadata_writeset_ownership(), defined incode/test/check_sfmw_set_ownership.c, dynamically decide expected results based on the environment (e.g., starting ownership,whoami). This was done because there's no way of know what user will execute these tests so the test cases dynamically respond to formulate the expected result. It currently works for root and the user that owns the cloned repo.PROBLEM: What it doesn't account for is a user with the
CAP_CHOWNcapability. Any user with this capability that executes the test cases will get a false negative.SOLUTION:
devops_codedetermine_exp_return()incheck_sfmw_set_ownership.cto use this functionality