libtest: Skip FUSE if CAP_SYS_ADMIN not in bounding set

I'm not sure if something changed or there was a race condition , or
if extraterrestrials intervened to make the tests pass before, but
in the Docker container `/dev/fuse` does exist and since we appear
to be running as uid 0 it'll be writable.

We previously discussed that another requirement for FUSE (and most
setuid binaries) is having `CAP_SYS_ADMIN`, so let's check for that in
the bounding set too.

Closes: #266
Approved by: jlebon

diff --git a/tests/libtest.sh b/tests/libtest.sh
index afdf3649d510cb3f1383530920dc1557de755cc6..0ce10a629799a964f91b8b40b3becf4d6ea99da9 100755 (executable)
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -378,6 +378,11 @@ skip_without_fuse () {
         exit 0
     fi
 
+    if ! capsh --print | grep -q 'Bounding set.*[^a-z]cap_sys_admin'; then
+       echo "1..0 # SKIP No cap_sys_admin in bounding set, can't use FUSE"
+        exit 0
+    fi
+
     if ! [ -w /dev/fuse ]; then
         echo "1..0 # SKIP no write access to /dev/fuse"
         exit 0