tests/capable_file: fix fsetid test

The current test for the SELinux fsetid capability check tries to
set the setgid bit on a file with a different group ownership and
compares the file mode before and after to determine success/failure.
However, for reasons unknown, the current test runs chmod g+rs
which tries to set both the read bit and setgid bit, and will change
the read bit if not already set, causing the test to fail if the umask
doesn't allow group read by default. Fix the test to only run chmod g+s.

Signed-off-by: Stephen Smalley <[email protected]>

Author: stephensmalley

tests/capable_file/test

@@ -40,7 +40,7 @@ ok( $result eq 0 );
 # CAP_FSETID
 $fn   = "$basedir/temp_file";
 $mode = ( stat($fn) )[2];
-system "runcon -t test_fcap_t -- chmod g+rs $basedir/temp_file 2>&1";
+system "runcon -t test_fcap_t -- chmod g+s $basedir/temp_file 2>&1";
 $result = 1;
 if ( $mode eq ( stat($fn) )[2] ) {
     $result = 0;
@@ -82,7 +82,7 @@ ok($result);
 $fn   = "$basedir/temp_file";
 $mode = ( stat($fn) )[2];
 $result =
-  system "runcon -t test_resfcap_t -- chmod g+rs $basedir/temp_file 2>&1";
+  system "runcon -t test_resfcap_t -- chmod g+s $basedir/temp_file 2>&1";
 $result = 1;
 if ( $mode eq ( stat($fn) )[2] ) {
     $result = 0;