test: use cap_last_cap() for max supported cap number, not capability_list_length()

This test assumes capability_list_length() is an invalid cap number,
but that isn't true if the running kernel supports more caps than we were
compiled with, which results in the test failing.

Instead use cap_last_cap() + 1.

If cap_last_cap() is 63, there are no more 'invalid' cap numbers to test with,
so the invalid cap number test part is skipped.

(cherry picked from commit ebc815cd1c647faa934a446ceea91ff4bc9dffa4)
(cherry picked from commit b5d7ba5fd4b61ba4919887cdf4a97c660bd9367b)

2 files changed, 36 insertions, 29 deletions

diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index 2b7834ad98..eba5c21505 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -51,6 +51,9 @@ int capability_from_name(const char *name) {
         return sc->id;
 }
 
+/* This is the number of capability names we are *compiled* with.
+ * For the max capability number of the currently-running kernel,
+ * use cap_last_cap(). */
 int capability_list_length(void) {
         return (int) ELEMENTSOF(capability_names);
 }
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
index 33dd2461c3..ecd3c9ec13 100644
--- a/src/test/test-cap-list.c
+++ b/src/test/test-cap-list.c
@@ -57,7 +57,7 @@ static void test_cap_list(void) {
 
 static void test_capability_set_one(uint64_t c, const char *t) {
         _cleanup_free_ char *t1 = NULL;
-        uint64_t c1, c_masked = c & ((UINT64_C(1) << capability_list_length()) - 1);
+        uint64_t c1, c_masked = c & all_capabilities();
 
         assert_se(capability_set_to_string_alloc(c, &t1) == 0);
         assert_se(streq(t1, t));
@@ -72,7 +72,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
         assert_se(c1 == c_masked);
 }
 
-static void test_capability_set(void) {
+static void test_capability_set_from_string(void) {
         uint64_t c;
 
         assert_se(capability_set_from_string(NULL, &c) == 0);
@@ -89,38 +89,42 @@ static void test_capability_set(void) {
 
         assert_se(capability_set_from_string("0 1 2 3", &c) == 0);
         assert_se(c == (UINT64_C(1) << 4) - 1);
+}
+
+static void test_capability_set_to_string(uint64_t invalid_cap_set) {
+        uint64_t c;
 
-        test_capability_set_one(0, "");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_DAC_OVERRIDE,
-                "cap_dac_override");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_DAC_OVERRIDE |
-                UINT64_C(1) << capability_list_length(),
-                "cap_dac_override");
-        test_capability_set_one(
-                UINT64_C(1) << capability_list_length(), "");
-        test_capability_set_one(
-                UINT64_C(1) << CAP_CHOWN |
-                UINT64_C(1) << CAP_DAC_OVERRIDE |
-                UINT64_C(1) << CAP_DAC_READ_SEARCH |
-                UINT64_C(1) << CAP_FOWNER |
-                UINT64_C(1) << CAP_SETGID |
-                UINT64_C(1) << CAP_SETUID |
-                UINT64_C(1) << CAP_SYS_PTRACE |
-                UINT64_C(1) << CAP_SYS_ADMIN |
-                UINT64_C(1) << CAP_AUDIT_CONTROL |
-                UINT64_C(1) << CAP_MAC_OVERRIDE |
-                UINT64_C(1) << CAP_SYSLOG |
-                UINT64_C(1) << (capability_list_length() + 1),
-                "cap_chown cap_dac_override cap_dac_read_search cap_fowner "
-                "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin "
-                "cap_audit_control cap_mac_override cap_syslog");
+        test_capability_set_one(invalid_cap_set, "");
+
+        c = (UINT64_C(1) << CAP_DAC_OVERRIDE | invalid_cap_set);
+        test_capability_set_one(c, "cap_dac_override");
+
+        c = (UINT64_C(1) << CAP_CHOWN |
+             UINT64_C(1) << CAP_DAC_OVERRIDE |
+             UINT64_C(1) << CAP_DAC_READ_SEARCH |
+             UINT64_C(1) << CAP_FOWNER |
+             UINT64_C(1) << CAP_SETGID |
+             UINT64_C(1) << CAP_SETUID |
+             UINT64_C(1) << CAP_SYS_PTRACE |
+             UINT64_C(1) << CAP_SYS_ADMIN |
+             UINT64_C(1) << CAP_AUDIT_CONTROL |
+             UINT64_C(1) << CAP_MAC_OVERRIDE |
+             UINT64_C(1) << CAP_SYSLOG |
+             invalid_cap_set);
+        test_capability_set_one(c, ("cap_chown cap_dac_override cap_dac_read_search cap_fowner "
+                                    "cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin "
+                                    "cap_audit_control cap_mac_override cap_syslog"));
 }
 
 int main(int argc, char *argv[]) {
         test_cap_list();
-        test_capability_set();
+        test_capability_set_from_string();
+        test_capability_set_to_string(0);
+
+        /* once the kernel supports 63 caps, there are no 'invalid' numbers
+         * for us to test with */
+        if (cap_last_cap() < 63)
+                test_capability_set_to_string(all_capabilities() + 1);
 
         return 0;
 }