[PATCH net 2/4] selftests: netfilter: Run nft_audit.sh in its own netns
From: Florian Westphal <fw@strlen.de>
Date: 2023-10-18 12:56:28
Also in:
netfilter-devel
Subsystem:
kernel selftest framework, the rest · Maintainers:
Shuah Khan, Linus Torvalds
From: Phil Sutter <phil@nwl.cc>
Don't mess with the host's firewall ruleset. Since audit logging is not
per-netns, add an initial delay of a second so other selftests' netns
cleanups have a chance to finish.
Fixes: e8dbde59ca3f ("selftests: netfilter: Test nf_tables audit logging")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tools/testing/selftests/netfilter/nft_audit.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/netfilter/nft_audit.sh b/tools/testing/selftests/netfilter/nft_audit.sh
index e94a80859bbd..99ed5bd6e840 100755
--- a/tools/testing/selftests/netfilter/nft_audit.sh
+++ b/tools/testing/selftests/netfilter/nft_audit.sh@@ -11,6 +11,12 @@ nft --version >/dev/null 2>&1 || { exit $SKIP_RC } +# Run everything in a separate network namespace +[ "${1}" != "run" ] && { unshare -n "${0}" run; exit $?; } + +# give other scripts a chance to finish - audit_logread sees all activity +sleep 1 + logfile=$(mktemp) rulefile=$(mktemp) echo "logging into $logfile"
--
2.41.0