summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2023-10-13 22:02:24 +0200
committerFlorian Westphal <fw@strlen.de>2023-10-18 13:47:08 +0200
commit2e2d9c7d4d37d74873583d7b0c94eac8b6869486 (patch)
tree862291b73ed69833a36f7762749c8b97c83c05f7
parent1baf0152f7707c6c7e4ea815dcc1f431c0e603f9 (diff)
downloadlinux-stable-2e2d9c7d4d37d74873583d7b0c94eac8b6869486.tar.gz
linux-stable-2e2d9c7d4d37d74873583d7b0c94eac8b6869486.tar.bz2
linux-stable-2e2d9c7d4d37d74873583d7b0c94eac8b6869486.zip
selftests: netfilter: Run nft_audit.sh in its own netns
Don't mess with the host's firewall ruleset. Since audit logging is not per-netns, add an initial delay of a second so other selftests' netns cleanups have a chance to finish. Fixes: e8dbde59ca3f ("selftests: netfilter: Test nf_tables audit logging") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
-rwxr-xr-xtools/testing/selftests/netfilter/nft_audit.sh6
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/testing/selftests/netfilter/nft_audit.sh b/tools/testing/selftests/netfilter/nft_audit.sh
index e94a80859bbd..99ed5bd6e840 100755
--- a/tools/testing/selftests/netfilter/nft_audit.sh
+++ b/tools/testing/selftests/netfilter/nft_audit.sh
@@ -11,6 +11,12 @@ nft --version >/dev/null 2>&1 || {
exit $SKIP_RC
}
+# Run everything in a separate network namespace
+[ "${1}" != "run" ] && { unshare -n "${0}" run; exit $?; }
+
+# give other scripts a chance to finish - audit_logread sees all activity
+sleep 1
+
logfile=$(mktemp)
rulefile=$(mktemp)
echo "logging into $logfile"