Diffstat (limited to 'go/try-launching.go')
-rw-r--r--go/try-launching.go10
1 files changed, 10 insertions, 0 deletions
diff --git a/go/try-launching.go b/go/try-launching.go
index 272fd0a..9f20e6b 100644
--- a/go/try-launching.go
+++ b/go/try-launching.go
@@ -28,6 +28,7 @@ func tryLaunching() {
iab string
uid int
gid int
+ mode cap.Mode
groups []int
}{
{args: []string{root + "/go/ok"}},
@@ -44,6 +45,11 @@ func tryLaunching() {
chroot: root + "/go",
fail: syscall.Getuid() != 0,
},
+ {
+ args: []string{root + "/progs/tcapsh-static", "--inmode=NOPRIV", "--has-no-new-privs"},
+ mode: cap.ModeNoPriv,
+ fail: syscall.Getuid() != 0,
+ },
}
ps := make([]int, len(vs))
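Review bot: The new NOPRIV case sets `fail: syscall.Getuid() != 0`, so the expected outcome is keyed on the uid rather than on the privilege the mode change depends on. As far as I know, entering a libcap mode needs CAP_SETPCAP, so a uid-0 run with a reduced bounding set (a typical container) would be reported as an unexpected failure, and a non-root run that holds the capability would not match the expectation either. The chroot case just above uses the same idiom, so at minimum I would add a comment such as `// entering cap.ModeNoPriv needs CAP_SETPCAP; uid 0 is used as a proxy for holding it`. How a successful launch with `fail` set is treated is outside this hunk.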
@@ -61,6 +67,9 @@ func tryLaunching() {
if v.gid != 0 {
e.SetGroups(v.gid, v.groups)
}
+ if v.mode != 0 {
+ e.SetMode(v.mode)
+ }
if v.iab != "" {
if iab, err := cap.IABFromText(v.iab); err != nil {
log.Fatalf("failed to parse iab=%q: %v", v.iab, err)
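Review bot: `if v.mode != 0` compares a `cap.Mode` with a bare literal, which hides that the zero value is being used to mean "no mode requested". Writing it as `if v.mode != cap.ModeUncertain {` names the sentinel and stays correct if the enum's numbering ever changes. A short comment on the `mode` field in the table struct, e.g. `// zero value (cap.ModeUncertain) leaves the launcher's mode untouched`, would document the convention for anyone adding entries.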
@@ -68,6 +77,7 @@ func tryLaunching() {
e.SetIAB(iab)
}
}
+ log.Printf("[%d] trying: %q\n", i, v.args)
if ps[i], err = e.Launch(nil); err != nil {
if v.fail {
continue
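Review bot: The trailing `\n` in the added `log.Printf` format is redundant, because the log package appends a newline when the message lacks one; `log.Printf("[%d] trying: %q", i, v.args)` is enough. Since the expected-failure branch below `continue`s without logging, those cases show a "trying" line with no result in the output; whether a later line reports the outcome is outside this hunk.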