#!/usr/bin/env bash

set -e

entrypoint="$(nix-build --no-out-link -A tests)"
this_user="$(whoami)"

echo "Requesting sudo in order to set thread capabilities, will drop back down to user '$this_user' immediately"

sudo -E capsh \
    --caps="cap_net_admin,cap_net_bind_service+eip cap_setpcap,cap_setuid,cap_setgid+ep" \
    --keep=1 \
    --user="$this_user" \
    --addamb=cap_net_admin \
    --addamb=cap_net_bind_service \
    -- "$entrypoint" "$@"