On systems without unshare Python module, try to call unshare binary
with oneself as parameters.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables-test.py | 37 ++++++++++++++++++++++++++++++-------
1 file changed, 30 insertions(+), 7 deletions(-)
diff --git a/iptables-test.py b/iptables-test.py
index ca5efb1b6670b..90e07feed3658 100755
--- a/iptables-test.py
+++ b/iptables-test.py
@@ -304,6 +304,31 @@ def show_missing():
print('\n'.join(missing))
+def spawn_netns():
+ # prefer unshare module
+ try:
+ import unshare
+ unshare.unshare(unshare.CLONE_NEWNET)
+ return True
+ except:
+ pass
+
+ # sledgehammer style:
+ # - call ourselves prefixed by 'unshare -n' if found
+ # - pass extra --no-netns parameter to avoid another recursion
+ try:
+ import shutil
+
+ unshare = shutil.which("unshare")
+ if unshare is None:
+ return False
+
+ sys.argv.append("--no-netns")
+ os.execv(unshare, [unshare, "-n", sys.executable] + sys.argv)
+ except:
+ pass
+
+ return False
#
# main
@@ -323,6 +348,8 @@ def main():
help='Test iptables-over-nftables')
parser.add_argument('-N', '--netns', action='store_true',
help='Test netnamespace path')
+ parser.add_argument('--no-netns', action='store_true',
+ help='Do not run testsuite in own network namespace')
args = parser.parse_args()
#
@@ -341,6 +368,9 @@ def main():
print("You need to be root to run this, sorry")
return
+ if not args.netns and not args.no_netns and not spawn_netns():
+ print("Cannot run in own namespace, connectivity might break")
+
if not args.host:
os.putenv("XTABLES_LIBDIR", os.path.abspath(EXTENSIONS_PATH))
os.putenv("PATH", "%s/iptables:%s" % (os.path.abspath(os.path.curdir),
@@ -366,13 +396,6 @@ def main():
if i.endswith('.t')]
file_list.sort()
- if not args.netns:
- try:
- import unshare
- unshare.unshare(unshare.CLONE_NEWNET)
- except:
- print("Cannot run in own namespace, connectivity might break")
-
for filename in file_list:
file_tests, file_passed = run_test_file(filename, args.netns)
if file_tests:
--
2.32.0
