This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Testing on hosts with firewalls

From: Zack Weinberg <zackw at panix dot com>
To: GNU C Library <libc-alpha at sourceware dot org>
Date: Thu, 29 Dec 2016 11:07:21 -0800
Subject: Re: Testing on hosts with firewalls
Authentication-results: sourceware.org; auth=none
References: <b5618713-58ee-4b64-4f6f-4722818af73a@redhat.com> <20161229180613.GD16617@vapier> <CAKCAbMjbRyc-S8oj8pS6eOi6Rc0p3HJoTcHG20rn6FV2w=U+OQ@mail.gmail.com> <20161229184704.GE16617@vapier>

On Thu, Dec 29, 2016 at 10:47 AM, Mike Frysinger <vapier@gentoo.org> wrote:
> On 29 Dec 2016 10:23, Zack Weinberg wrote:
>> On Thu, Dec 29, 2016 at 10:08 AM, Mike Frysinger wrote:
>> > does it help if you run all the tests in a unique net namespace ?
>>
>> - can that be done without root privileges?
>
> on vanilla kernels, yes, via user namespaces.
> and if it isn't available, it's trivial to detect & ignore.

OK, good.

>> - beware https://bugzilla.kernel.org/show_bug.cgi?id=97811
>
> there is no need to use `ip` to create net namespaces, nor
> is it even desirable.  it's trivial to do it in pure C.

... that's a *kernel bug*.  "ip" has nothing to do with it.

Also, if you know of *comprehensible* documentation for creating and
manipulating net namespaces without shelling out to "ip", please
share, I have several nasty-ass suid programs that would be better for
it.

zw

References:
- Testing on hosts with firewalls
  - From: Florian Weimer
- Re: Testing on hosts with firewalls
  - From: Mike Frysinger
- Re: Testing on hosts with firewalls
  - From: Zack Weinberg
- Re: Testing on hosts with firewalls
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]