This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Testing on hosts with firewalls
- From: Zack Weinberg <zackw at panix dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 29 Dec 2016 11:07:21 -0800
- Subject: Re: Testing on hosts with firewalls
- Authentication-results: sourceware.org; auth=none
- References: <b5618713-58ee-4b64-4f6f-4722818af73a@redhat.com> <20161229180613.GD16617@vapier> <CAKCAbMjbRyc-S8oj8pS6eOi6Rc0p3HJoTcHG20rn6FV2w=U+OQ@mail.gmail.com> <20161229184704.GE16617@vapier>
On Thu, Dec 29, 2016 at 10:47 AM, Mike Frysinger <vapier@gentoo.org> wrote:
> On 29 Dec 2016 10:23, Zack Weinberg wrote:
>> On Thu, Dec 29, 2016 at 10:08 AM, Mike Frysinger wrote:
>> > does it help if you run all the tests in a unique net namespace ?
>>
>> - can that be done without root privileges?
>
> on vanilla kernels, yes, via user namespaces.
> and if it isn't available, it's trivial to detect & ignore.
OK, good.
>> - beware https://bugzilla.kernel.org/show_bug.cgi?id=97811
>
> there is no need to use `ip` to create net namespaces, nor
> is it even desirable. it's trivial to do it in pure C.
... that's a *kernel bug*. "ip" has nothing to do with it.
Also, if you know of *comprehensible* documentation for creating and
manipulating net namespaces without shelling out to "ip", please
share, I have several nasty-ass suid programs that would be better for
it.
zw