On Tue, 2023-12-05 at 20:29 +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > feature probe script leave a ruleset in place, flush it once
> > probing is complete.
>
> Perhaps change feature_probe() to always use 'unshare -n'?

feature_probe already uses unshare, unless the caller opts out of it.
Maybe don't do that.

> Some scripts also create netdevices.

Some tests also create netdevices and may not clean them up properly.
It's even desirable that tests don't clean them up, because it removes
boilerplate from tests. But more importantly: not deleting those devices
leaves a certain state after the test, that can be checked by
`.nft`/`.json-nft` dumps.

The mode without unshare exists for historic reasons, as unshare was
added initially. At this point, what is the use of supporting or using
that?

Thomas