From a9cadde4add151d74b64f92ebbdc56cdb7a64470 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Sun, 14 Jun 2020 23:41:57 +0200
Subject: tests: Run in separate network namespace, don't break connectivity

It might be convenient to run tests from a development branch that
resides on another host, and if we break connectivity on the test
host as tests are executed, we can't run them this way.

If kernel implementation (CONFIG_NET_NS), unshare(1), or Python
bindings for unshare() are not available, warn and continue.

Suggested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/nft-test.py     | 6 ++++++
 tests/shell/run-tests.sh | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 01ee6c98..df97ed8e 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -1394,6 +1394,12 @@ def main():
     # Change working directory to repository root
     os.chdir(TESTS_PATH + "/../..")
 
+    try:
+        import unshare
+        unshare.unshare(unshare.CLONE_NEWNET)
+    except:
+        print_warning("cannot run in own namespace, connectivity might break")
+
     check_lib_path = True
     if args.library is None:
         if args.host:
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index 26f8f46d..51c90c9b 100755
--- a/tests/shell/run-tests.sh
+++ b/tests/shell/run-tests.sh
@@ -22,6 +22,15 @@ if [ "$(id -u)" != "0" ] ; then
 	msg_error "this requires root!"
 fi
 
+if [ "${1}" != "run" ]; then
+	if unshare -f -n true; then
+		unshare -n "${0}" run $@
+		exit $?
+	fi
+	msg_warn "cannot run in own namespace, connectivity might break"
+fi
+shift
+
 [ -z "$NFT" ] && NFT=$SRC_NFT
 if [ ! -x "$NFT" ] ; then
 	msg_error "no nft binary!"
-- 
cgit v1.2.3