#!/bin/sh
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# args: -u 1000 -g 1000 -c 2
# note that 2 = CAP_DAC_OVERRIDE

. "$(dirname "$0")"/common.sh

needreuid 1000
needregid 1000

# Test we've kept CAP_DAC_OVERRIDE.
[ ! -w "$0" ] && die "Can't write to '$0'"

# Test we've lost everything else.
mismatch=""
matched=0
while read line; do
    if echo "$line" | grep -q '^CapEff:'; then
        caps=$(echo "$line" | awk '{print $NF}')
        if echo "$caps" | grep -q '^0000000000000002$'; then
            matched=1
        else
            mismatch="$caps"
        fi
    fi
done </proc/self/status
[ $matched -eq 1 ] || die "Did not drop non-CAP_DAC_OVERRIDE caps: $mismatch"

exit 0