namib-project / nftables-rs

Safe abstraction for nftables JSON API (libnftables-json).
https://crates.io/crates/nftables
Apache License 2.0

Rootless tests #20

Closed jwhb closed 1 month ago

jwhb commented 8 months ago

#18 introduced running tests against `nft` inside network namespaces with a script that manually manages a network namespace to execute `cargo test`.

> FYI, it should be much simpler to just use `unshare -n cargo ...` to create a new netns here, no need to manage any `ip netns` "names". You can also do `unshare -rn` as normal user (assuming unprivileged user namespaces are enabled, which is the default for most distros) so not even a need for sudo. Because the netns is only tied to the process, once the process exits the netns will be gone, so you also can skip the clean-up logic as well.

_Originally posted by @Luap99 in https://github.com/namib-project/nftables-rs/pull/18#discussion_r1527210554_

The `helper_tests` could be improved such that each test calls `unshare -rn nft` as program arg for apply and get ruleset functions.

jwhb commented 1 month ago

A test runner can be set with `cargo --config "target.'cfg(target_os = \"linux\")'.runner = 'unshare -rn'" test`.

Ideally we could mark the tests that require a netns and have cargo use the runner only for the marked tests, but this does not seem to be supported yet.
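
A sketch of the per-test wrapping discussed in this thread, as an added example that is not part of the thread or of the nftables-rs code base. It assumes `unshare`, `sh` and `nft` are on `PATH`; the helper names and the `example_table` payload are hypothetical. Because each `unshare -rn` invocation gets its own namespace that disappears on exit, the apply and the read-back run inside a single invocation.

```rust
use std::io::{self, Write};
use std::process::{Command, Stdio};

/// Build `unshare -rn <program> <args...>`: a fresh user + network namespace
/// that exists only for the lifetime of the child process.
fn in_rootless_netns(program: &str, args: &[&str]) -> Command {
    let mut cmd = Command::new("unshare");
    cmd.arg("-rn").arg(program).args(args);
    cmd
}

/// Probe whether unprivileged user namespaces are usable on this host.
fn userns_available() -> bool {
    in_rootless_netns("true", &[])
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .map(|s| s.success())
        .unwrap_or(false)
}

/// Apply a JSON payload and list the ruleset inside ONE namespace.
/// Two separate `unshare -rn nft` calls would each get an empty netns.
fn apply_and_list(payload: &str) -> io::Result<String> {
    let mut child = in_rootless_netns("sh", &["-c", "nft -j -f - && nft -j list ruleset"])
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .spawn()?;
    // The temporary stdin handle is dropped after the write, which sends EOF.
    child.stdin.take().expect("stdin is piped").write_all(payload.as_bytes())?;
    let out = child.wait_with_output()?;
    if !out.status.success() {
        return Err(io::Error::new(io::ErrorKind::Other, "nft failed inside the netns"));
    }
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

fn main() {
    if !userns_available() {
        eprintln!("unprivileged user namespaces unavailable, skipping");
        return;
    }
    // Constructed sample payload: one empty table.
    let payload = r#"{"nftables":[{"add":{"table":{"family":"inet","name":"example_table"}}}]}"#;
    match apply_and_list(payload) {
        Ok(json) => println!("{json}"),
        Err(e) => eprintln!("error: {e}"),
    }
}
```

The probe lets a test skip cleanly on hosts where unprivileged user namespaces are disabled instead of failing with a permission error.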