// This test verifies that an operation ('ping') that needs `NET_RAW`
// capability does not succeed if the capability `NET_RAW` is dropped.
TEST_F(CapabilitiesTest, ROOT_PingWithNoNetRawCaps)
{
Try<Capabilities> manager = Capabilities::create();
ASSERT_SOME(manager);
Try<ProcessCapabilities> capabilities = manager->get();
ASSERT_SOME(capabilities);
capabilities->drop(capabilities::PERMITTED, capabilities::NET_RAW);
Try<Subprocess> s = ping(capabilities->get(capabilities::PERMITTED));
ASSERT_SOME(s);
Future<Option<int>> status = s->status();
AWAIT_READY(status);
ASSERT_SOME(status.get());
EXPECT_TRUE(WIFEXITED(status->get()));
EXPECT_NE(0, WEXITSTATUS(status->get()));
}
