Stop using ping to test privilege use.

It appears that ping has been modified to hard-code non-file-capability
acquired privilege use. That is, it requires PR_SET_KEEPCAPS (a legacy
supporting secure bit) to function in order for ping to work. As such, we
can't rely on it for Instead, we use a copy of capsh
enhanced with file-caps for our test cases.

Thanks to Serge Hallyn @ Ubuntu for figuring out what broke.

Signed-off-by: Andrew G Morgan <>
1 file changed