You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The test tries to send a message to its PID minus one and expect it to not have permissions? But we're root now (unlike our fake root in Kubernetes before), so we do have permissions, but the PID-minus-one just doesn't exist?
Now that you are root, the test is somewhat moot. Both before and after I made that change, you were looking to elicit EPERM from the kernel -- once you have all capabilities, that's not going to happen. Essentially, you are testing the syscall here, not the Go logic.
You could add some logic where you spawn a new thread, lock it to an OS thread, drop capabilities and change user ID (just on the thread by doing syscall.Syscall(SYS_SETUID), not the POSIX-compliant thing that changes all threads), and then try to elicit EPERM -- but I would say it's not really worth it unless you are trying to test the syscall itself.