// This test verifies that an operation ('ping') that needs `NET_RAW` // capability does not succeed if the capability `NET_RAW` is dropped. TEST_F(CapabilitiesTest, ROOT_PingWithNoNetRawCaps) { Try<Capabilities> manager = Capabilities::create(); ASSERT_SOME(manager); Try<ProcessCapabilities> capabilities = manager->get(); ASSERT_SOME(capabilities); capabilities->drop(capabilities::PERMITTED, capabilities::NET_RAW); Try<Subprocess> s = ping(capabilities->get(capabilities::PERMITTED)); ASSERT_SOME(s); Future<Option<int>> status = s->status(); AWAIT_READY(status); ASSERT_SOME(status.get()); EXPECT_TRUE(WIFEXITED(status->get())); EXPECT_NE(0, WEXITSTATUS(status->get())); }