Hi Pablo,
On Mon, Jun 15, 2020 at 12:03:09AM +0200, Pablo Neira Ayuso wrote:
[...]
> In iptables-tests.py, there is an option for this:
>
> parser.add_argument('-N', '--netns', action='store_true',
> help='Test netnamespace path')
>
> Is it worth keeping this in sync with it?
There's one peculiar comment in iptables-test.py which makes me believe
this "run in netns" option is distinct from Stefano's:
| # Test "ip netns del NETNS" path with rules in place
| if netns:
| return 0
I remember calling iptables-test.py with --netns option triggering a
kernel bug that didn't happen if called with 'ip netns exec ...'
instead. And IIUC, the code path executed by --netns option still does
if wrapped by 'ip netns exec ...'. Therefore I vote for keeping --netns
option and still doing that implicit 'unshare -n' to separate the
testing env from the host's.
Cheers, Phil
