From 539ff4e4e0360caea6d656cef3977ea89a821265 Mon Sep 17 00:00:00 2001
From: Angus Lees <gus@inodes.org>
Date: Wed, 10 Feb 2016 14:52:58 +1100
Subject: [PATCH] UnprivilegedPrivsepFixture: Clear capabilities config

When a context's 'capabilities' property was a non-empty list,
Daemon.run() would try to manipulate Linux capabilities, and fail if the
original user didn't already have (at least) these capabilities.  This
is appropriate for the regular use case, but the intention of
UnprivilegedPrivsepFixture is that it would be a no-op that works for
zero-privilege test environments.

This change clears the capabilities list (setting/expecting zero
privileges) in UnprivilegedPrivsepFixture, as was originally intended.

Change-Id: I8a0d8275877a1f9e139127049b7e234003f901ea
---
 oslo_privsep/tests/fixture.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/oslo_privsep/tests/fixture.py b/oslo_privsep/tests/fixture.py
index 6b9377a..f5d810a 100644
--- a/oslo_privsep/tests/fixture.py
+++ b/oslo_privsep/tests/fixture.py
@@ -33,6 +33,8 @@ class UnprivilegedPrivsepFixture(fixtures.Fixture):
         super(UnprivilegedPrivsepFixture, self).setUp()
 
         self.conf = self.useFixture(cfg_fixture.Config()).conf
+        self.conf.set_override('capabilities', [],
+                               group=self.context.cfg_section)
         for k in ('user', 'group'):
             self.conf.set_override(
                 k, None, group=self.context.cfg_section)