- find accounts whose group memberships have changed; access policies available to a credential are updated to reflect the change, i.e. they will lose any privileges associated with a group they are removed from, and gain any privileges associated with a group they are added to.

			handler: &fakeHandler{
				errs: []error{syscall.EBUSY},
			},
			err: ErrObjectAlreadyExists,
			// expected calls: NFNL_MSG_ACCT_NEW
			netlinkCalls: 1,
		},
		{
			name:        "insufficient privilege",
			counterName: "metric-2",
			handler: &fakeHandler{
				errs: []error{syscall.EPERM},
			},
			err: ErrUnexpected,
			// expected calls: NFNL_MSG_ACCT_NEW
			netlinkCalls: 1,
		},
		{

		} else {
			want = target
		}
	} else {
		want = dirlink
	}
	if got != want {
		t.Errorf(`EvalSymlinks(%q): got %q, want %q`, dirlink, got, want)
	}

	// Make sure we have sufficient privilege to run mklink command.
	testenv.MustHaveSymlink(t)

	file := filepath.Join(tmpdir, "file")
	err = os.WriteFile(file, []byte(""), 0666)
	if err != nil {
		t.Fatal(err)
	}

}

type Tokenprivileges struct {
	PrivilegeCount uint32
	Privileges     [1]LUIDAndAttributes // Use AllPrivileges() for iterating.
}

// AllPrivileges returns a slice that can be used to iterate over the privileges in p.
func (p *Tokenprivileges) AllPrivileges() []LUIDAndAttributes {
	return (*[(1 << 27) - 1]LUIDAndAttributes)(unsafe.Pointer(&p.Privileges[0]))[:p.PrivilegeCount:p.PrivilegeCount]
}

  - type: checkboxes
    id: privileged
    attributes:
      label: Privileged issue
      description: Confirm that you are allowed to create an issue here.
      options:
        - label: I'm @tiangolo or he asked me directly to create an issue here.
          required: true
  - type: textarea
    id: content
    attributes:
      label: Issue Content

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-2)
    - [Feature](#feature-2)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-10)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-7)

    - [CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3955-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
    - [CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation](#cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation)
  - [Changes by Kind](#changes-by-kind-10)

    verbs: ["watch", "get", "list"]
{{- if .Values.cni.repair.repairPods }}
{{- /*  No privileges needed*/}}
{{- else if .Values.cni.repair.deletePods }}
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["delete"]
{{- else if .Values.cni.repair.labelPods }}
  - apiGroups: [""]
    {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}}
    resources: ["pods/status"]