This is a note to let you know that I've just added the patch titled selftests: netfilter: Run nft_audit.sh in its own netns to the 6.5-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-netfilter-run-nft_audit.sh-in-its-own-netns.patch and it can be found in the queue-6.5 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 2e2d9c7d4d37d74873583d7b0c94eac8b6869486 Mon Sep 17 00:00:00 2001 From: Phil Sutter <phil@xxxxxx> Date: Fri, 13 Oct 2023 22:02:24 +0200 Subject: selftests: netfilter: Run nft_audit.sh in its own netns From: Phil Sutter <phil@xxxxxx> commit 2e2d9c7d4d37d74873583d7b0c94eac8b6869486 upstream. Don't mess with the host's firewall ruleset. Since audit logging is not per-netns, add an initial delay of a second so other selftests' netns cleanups have a chance to finish. Fixes: e8dbde59ca3f ("selftests: netfilter: Test nf_tables audit logging") Signed-off-by: Phil Sutter <phil@xxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- tools/testing/selftests/netfilter/nft_audit.sh | 6 ++++++ 1 file changed, 6 insertions(+) --- a/tools/testing/selftests/netfilter/nft_audit.sh +++ b/tools/testing/selftests/netfilter/nft_audit.sh @@ -11,6 +11,12 @@ nft --version >/dev/null 2>&1 || { exit $SKIP_RC } +# Run everything in a separate network namespace +[ "${1}" != "run" ] && { unshare -n "${0}" run; exit $?; } + +# give other scripts a chance to finish - audit_logread sees all activity +sleep 1 + logfile=$(mktemp) rulefile=$(mktemp) echo "logging into $logfile" Patches currently in stable-queue which might be from phil@xxxxxx are queue-6.5/selftests-netfilter-run-nft_audit.sh-in-its-own-netns.patch
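Review bot: The re-exec line `[ "${1}" != "run" ] && { unshare -n "${0}" run; exit $?; }` passes unshare's exit status straight through, so a missing unshare binary or a caller without the privilege to create a network namespace is reported as a test failure rather than a skip, unlike the nft probe just above it, which exits with $SKIP_RC. Consider probing first (for example running `unshare -n true` and exiting with $SKIP_RC if it fails) before re-executing. The re-exec also relies on "${0}" being directly executable, which does not hold when the script is started as an argument to sh. On the `sleep 1`: per the commit message the audit log is not per-netns, so a fixed delay only narrows the window in which other tests' records can show up in the log; the comment should say the delay is best-effort so later readers do not treat the namespace as isolating the audit stream.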