Merge pull request #271 from AkihiroSuda/dev

tests: refactor

Author: AkihiroSuda

Makefile.am

@@ -5,7 +5,20 @@ AM_CFLAGS = @GLIB_CFLAGS@ @SLIRP_CFLAGS@ @LIBCAP_CFLAGS@ @LIBSECCOMP_CFLAGS@
 noinst_LIBRARIES = libparson.a
 
 AM_TESTS_ENVIRONMENT = PATH="$(abs_top_builddir):$(PATH)"
-TESTS = tests/test-slirp4netns.sh tests/test-slirp4netns-configure.sh tests/test-slirp4netns-exit-fd.sh tests/test-slirp4netns-ready-fd.sh tests/test-slirp4netns-api-socket.sh tests/test-slirp4netns-disable-host-loopback.sh tests/test-slirp4netns-cidr.sh tests/test-slirp4netns-outbound-addr.sh tests/test-slirp4netns-disable-dns.sh tests/test-slirp4netns-seccomp.sh tests/test-slirp4netns-macaddress.sh tests/test-slirp4netns-dhcp.sh
+TESTS = tests/test-slirp4netns-api-socket.sh \
+				tests/test-slirp4netns-cidr.sh \
+				tests/test-slirp4netns-configure.sh \
+				tests/test-slirp4netns-dhcp.sh \
+				tests/test-slirp4netns-disable-dns.sh \
+				tests/test-slirp4netns-disable-host-loopback.sh \
+				tests/test-slirp4netns-exit-fd.sh \
+				tests/test-slirp4netns-macaddress.sh \
+				tests/test-slirp4netns-nspath.sh \
+				tests/test-slirp4netns-outbound-addr.sh \
+				tests/test-slirp4netns-ready-fd.sh \
+				tests/test-slirp4netns-sandbox.sh \
+				tests/test-slirp4netns-sandbox-no-unmount.sh \
+				tests/test-slirp4netns-seccomp.sh
 
 EXTRA_DIST = \
 	slirp4netns.1.md \
@@ -18,7 +31,6 @@ EXTRA_DIST = \
 	seccomparch.h \
 	seccompfilter.h \
 	seccompfilter_rules.h \
-	tests/slirp4netns-no-unmount.sh \
 	vendor/parson/LICENSE \
 	vendor/parson/README.md \
 	vendor/parson/parson.h

tests/common.sh

@@ -4,116 +4,116 @@
 TEST_EXIT_CODE_SKIP=77
 
 function nsenter_flags {
-  pid=$1
-  flags="--target=${pid}"
-  userns="$(readlink /proc/${pid}/ns/user)"
-  mntns="$(readlink /proc/${pid}/ns/mnt)"
-  netns="$(readlink /proc/${pid}/ns/net)"
+	pid=$1
+	flags="--target=${pid}"
+	userns="$(readlink /proc/${pid}/ns/user)"
+	mntns="$(readlink /proc/${pid}/ns/mnt)"
+	netns="$(readlink /proc/${pid}/ns/net)"
 
-  self_userns="$(readlink /proc/self/ns/user)"
-  self_mntns="$(readlink /proc/self/ns/mnt)"
-  self_netns="$(readlink /proc/self/ns/net)"
+	self_userns="$(readlink /proc/self/ns/user)"
+	self_mntns="$(readlink /proc/self/ns/mnt)"
+	self_netns="$(readlink /proc/self/ns/net)"
 
-  if [ "${userns}" != "${self_userns}" ]; then
-    flags="$flags --preserve-credentials -U"
-  fi
-  if [ "${mntns}" != "${self_mntns}" ]; then
-    flags="$flags -m"
-  fi
-  if [ "${netns}" != "${self_netns}" ]; then
-    flags="$flags -n"
-  fi
-  echo "${flags}"
+	if [ "${userns}" != "${self_userns}" ]; then
+		flags="$flags --preserve-credentials -U"
+	fi
+	if [ "${mntns}" != "${self_mntns}" ]; then
+		flags="$flags -m"
+	fi
+	if [ "${netns}" != "${self_netns}" ]; then
+		flags="$flags -n"
+	fi
+	echo "${flags}"
 }
 
 function wait_for_network_namespace {
-    # Wait that the namespace is ready.
-    COUNTER=0
-    while [ $COUNTER -lt 40 ]; do
-        flags=$(nsenter_flags $1)
-        if $(echo $flags | grep -qvw -- -n); then
-          flags="$flags -n"
-        fi
-        if nsenter ${flags} true >/dev/null 2>&1; then
-            return 0
-        else
-            sleep 0.5
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	# Wait that the namespace is ready.
+	COUNTER=0
+	while [ $COUNTER -lt 40 ]; do
+		flags=$(nsenter_flags $1)
+		if $(echo $flags | grep -qvw -- -n); then
+			flags="$flags -n"
+		fi
+		if nsenter ${flags} true >/dev/null 2>&1; then
+			return 0
+		else
+			sleep 0.5
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function wait_for_network_device {
-    # Wait that the device appears.
-    COUNTER=0
-    while [ $COUNTER -lt 40 ]; do
-        if nsenter $(nsenter_flags $1) ip addr show $2; then
-            return 0
-        else
-            sleep 0.5
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	# Wait that the device appears.
+	COUNTER=0
+	while [ $COUNTER -lt 40 ]; do
+		if nsenter $(nsenter_flags $1) ip addr show $2; then
+			return 0
+		else
+			sleep 0.5
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function wait_process_exits {
-    COUNTER=0
-    while [ $COUNTER -lt 40 ]; do
-        if  kill -0 $1; then
-            sleep 0.5
-        else
-            return 0
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	COUNTER=0
+	while [ $COUNTER -lt 40 ]; do
+		if kill -0 $1; then
+			sleep 0.5
+		else
+			return 0
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function wait_for_ping_connectivity {
-    COUNTER=0
-    while [ $COUNTER -lt 40 ]; do
-        if nsenter $(nsenter_flags $1) ping -c 1 -w 1 $2; then
-            return 0
-        else
-            sleep 0.5
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	COUNTER=0
+	while [ $COUNTER -lt 40 ]; do
+		if nsenter $(nsenter_flags $1) ping -c 1 -w 1 $2; then
+			return 0
+		else
+			sleep 0.5
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function wait_for_connectivity {
-    COUNTER=0
-    while [ $COUNTER -lt 40 ]; do
-        if echo "wait_for_connectivity" | nsenter $(nsenter_flags $1) ncat -v $2 $3; then
-            return 0
-        else
-            sleep 0.5
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	COUNTER=0
+	while [ $COUNTER -lt 40 ]; do
+		if echo "wait_for_connectivity" | nsenter $(nsenter_flags $1) ncat -v $2 $3; then
+			return 0
+		else
+			sleep 0.5
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function wait_for_file_content {
-    # Wait for a file to get the specified content.
-    COUNTER=0
-    while [ $COUNTER -lt 20 ]; do
-        if grep $1 $2; then
-            return 0
-        else
-            sleep 0.5
-        fi
-        let COUNTER=COUNTER+1
-    done
-    exit 1
+	# Wait for a file to get the specified content.
+	COUNTER=0
+	while [ $COUNTER -lt 20 ]; do
+		if grep $1 $2; then
+			return 0
+		else
+			sleep 0.5
+		fi
+		let COUNTER=COUNTER+1
+	done
+	exit 1
 }
 
 function expose_tcp() {
-    apisock=$1 hostport=$2 guestport=$3
-    json="{\"execute\": \"add_hostfwd\", \"arguments\": {\"proto\": \"tcp\", \"host_addr\": \"0.0.0.0\", \"host_port\": $hostport, \"guest_addr\": \"10.0.2.100\", \"guest_port\": $guestport}}"
-    echo -n $json | ncat -U $apisock
-    echo -n "{\"execute\": \"list_hostfwd\"}" | ncat -U $apisock
+	apisock=$1 hostport=$2 guestport=$3
+	json="{\"execute\": \"add_hostfwd\", \"arguments\": {\"proto\": \"tcp\", \"host_addr\": \"0.0.0.0\", \"host_port\": $hostport, \"guest_addr\": \"10.0.2.100\", \"guest_port\": $guestport}}"
+	echo -n $json | ncat -U $apisock
+	echo -n "{\"execute\": \"list_hostfwd\"}" | ncat -U $apisock
 }

tests/test-slirp4netns-api-socket.sh

@@ -12,17 +12,17 @@ tmpdir=$(mktemp -d /tmp/slirp4netns-bench.XXXXXXXXXX)
 apisocket=${tmpdir}/slirp4netns.sock
 apisocketlongpath=${tmpdir}/slirp4netns-TOO-LONG-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.sock
 
-if slirp4netns -c $child --api-socket $apisocketlongpath tun11; then
-    echo "expected failure with apisocket path too long" >&2
-    kill -9 $child
-    rm -rf $tmpdir
-    exit 1
+if slirp4netns -c $child --api-socket $apisocketlongpath tap11; then
+	echo "expected failure with apisocket path too long" >&2
+	kill -9 $child
+	rm -rf $tmpdir
+	exit 1
 fi
 
-slirp4netns -c $child --api-socket $apisocket tun11 &
+slirp4netns -c $child --api-socket $apisocket tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 function cleanup() {
 	kill -9 $child $slirp_pid

tests/test-slirp4netns-cidr.sh

@@ -9,39 +9,39 @@ child=$!
 wait_for_network_namespace $child
 
 set +e
-result=$(slirp4netns -c --cidr 24 $child tun11 2>&1)
+result=$(slirp4netns -c --cidr 24 $child tap11 2>&1)
 set -e
 echo $result | grep "invalid CIDR"
 
 set +e
-result=$(slirp4netns -c --cidr foo $child tun11 2>&1)
+result=$(slirp4netns -c --cidr foo $child tap11 2>&1)
 set -e
 echo $result | grep "invalid CIDR"
 
 set +e
-result=$(slirp4netns -c --cidr 10.0.2.0 $child tun11 2>&1)
+result=$(slirp4netns -c --cidr 10.0.2.0 $child tap11 2>&1)
 set -e
 echo $result | grep "invalid CIDR"
 
 set +e
-result=$(slirp4netns -c --cidr 10.0.2.100/24 $child tun11 2>&1)
+result=$(slirp4netns -c --cidr 10.0.2.100/24 $child tap11 2>&1)
 set -e
 echo $result | grep "CIDR needs to be a network address like 10.0.2.0/24, not like 10.0.2.100/24"
 
 set +e
-result=$(slirp4netns -c --cidr 10.0.2.100/26 $child tun11 2>&1)
+result=$(slirp4netns -c --cidr 10.0.2.100/26 $child tap11 2>&1)
 set -e
 echo $result | grep "prefix length needs to be 1-25"
 
-slirp4netns -c $child --cidr 10.0.135.128/25 tun11 &
+slirp4netns -c $child --cidr 10.0.135.128/25 tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 function cleanup {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
-result="$(nsenter --preserve-credentials -U -n --target=$child ip a show dev tun11)"
+result="$(nsenter $(nsenter_flags $child) ip a show dev tap11)"
 echo "$result" | grep -o '^\s*inet .*/' | grep -F 10.0.135.228

tests/test-slirp4netns-configure.sh

@@ -8,16 +8,16 @@ child=$!
 
 wait_for_network_namespace $child
 
-slirp4netns -c $child tun11 &
+slirp4netns -c $child tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 function cleanup {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
-nsenter --preserve-credentials -U -n --target=$child ip -a netconf | grep tun11
+nsenter $(nsenter_flags $child) ip -a netconf | grep tap11
 
-nsenter --preserve-credentials -U -n --target=$child ip addr show tun11 | grep inet
+nsenter $(nsenter_flags $child) ip addr show tap11 | grep inet

tests/test-slirp4netns-disable-dns.sh

@@ -1,35 +1,35 @@
 #!/bin/bash
 set -xeuo pipefail
 
+. $(dirname $0)/common.sh
+
 SLIRP_CONFIG_VERSION_MAX=$(slirp4netns -v | grep "SLIRP_CONFIG_VERSION_MAX: " | sed 's#SLIRP_CONFIG_VERSION_MAX: \(\)##')
 
 if [ "${SLIRP_CONFIG_VERSION_MAX:-0}" -lt 3 ]; then
-    printf "'--disable-dns' requires SLIRP_CONFIG_VERSION_MAX 3 or newer. Test skipped..."
-    exit 0
+	printf "'--disable-dns' requires SLIRP_CONFIG_VERSION_MAX 3 or newer. Test skipped..."
+	exit "$TEST_EXIT_CODE_SKIP"
 fi
 
-. $(dirname $0)/common.sh
-
 port=53
 unshare -r -n sleep infinity &
 child=$!
 
 wait_for_network_namespace $child
 
 mtu=${MTU:=1500}
-slirp4netns -c --mtu $mtu --disable-dns $child tun11 &
+slirp4netns -c --mtu $mtu --disable-dns $child tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 # ping to 10.0.2.2
 wait_for_ping_connectivity $child 10.0.2.2
 
 function cleanup() {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
 set +e
-err=$(echo "should fail" | nsenter --preserve-credentials -U -n --target=$child ncat -v 10.0.2.3 $port 2>&1)
+err=$(echo "should fail" | nsenter $(nsenter_flags $child) ncat -v 10.0.2.3 $port 2>&1)
 set -e
 echo $err | grep 'Connection timed out\|TIMEOUT'

tests/test-slirp4netns-disable-host-loopback.sh

@@ -13,20 +13,19 @@ child=$!
 wait_for_network_namespace $child
 
 mtu=${MTU:=1500}
-slirp4netns -c --mtu $mtu --disable-host-loopback $child tun11 &
+slirp4netns -c --mtu $mtu --disable-host-loopback $child tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 # ping to 10.0.2.2 is possible even with --disable-host-loopback
 wait_for_ping_connectivity $child 10.0.2.2
 
 function cleanup {
-    kill -9 $nc_pid $child $slirp_pid
+	kill -9 $nc_pid $child $slirp_pid
 }
 trap cleanup EXIT
 
 set +e
-err=$(echo "should fail" | nsenter --preserve-credentials -U -n --target=$child ncat -v 10.0.2.2 $port 2>&1)
+err=$(echo "should fail" | nsenter $(nsenter_flags $child) ncat -v 10.0.2.2 $port 2>&1)
 set -e
 echo $err | grep "Network is unreachable"
-

tests/test-slirp4netns-exit-fd.sh

@@ -10,14 +10,14 @@ wait_for_network_namespace $child
 
 touch keep_alive
 
-slirp4netns -e 10 $child tun11 10<(while test -e keep_alive; do sleep 0.1; done) &
+slirp4netns -e 10 $child tap11 10<(while test -e keep_alive; do sleep 0.1; done) &
 
 slirp_pid=$!
 
 function cleanup {
-    set +xeuo pipefail
-    kill -9 $child $slirp_pid
-    rm -f keep_alive
+	set +xeuo pipefail
+	kill -9 $child $slirp_pid
+	rm -f keep_alive
 }
 trap cleanup EXIT
 
@@ -29,7 +29,7 @@ rm keep_alive
 wait_process_exits $slirp_pid
 
 if kill -0 $slirp_pid; then
-    exit 1
+	exit 1
 fi
 
 exit 0

tests/test-slirp4netns-macaddress.sh

@@ -10,20 +10,20 @@ child=$!
 wait_for_network_namespace $child
 
 function cleanup {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
-slirp4netns -c --macaddress $MACADDRESS $child tun11 &
+slirp4netns -c --macaddress $MACADDRESS $child tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
-result=$(nsenter --preserve-credentials -U -n --target=$child ip addr show tun11 | grep -o "ether $MACADDRESS")
+result=$(nsenter $(nsenter_flags $child) ip addr show tap11 | grep -o "ether $MACADDRESS")
 
 if [ -z "$result" ]; then
-  printf "expecting %s MAC address on the interface but didn't get it" "$MACADDRESS"
-  exit 1
+	printf "expecting %s MAC address on the interface but didn't get it" "$MACADDRESS"
+	exit 1
 fi
 
 cleanup

tests/test-slirp4netns-nspath.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -xeuo pipefail
+
+. $(dirname $0)/common.sh
+
+# Test --userns-path= --netns-type=path
+unshare -r -n sleep infinity &
+child=$!
+
+wait_for_network_namespace $child
+
+slirp4netns --userns-path=/proc/$child/ns/user --netns-type=path /proc/$child/ns/net tap11 &
+slirp_pid=$!
+
+function cleanup {
+	kill -9 $child $slirp_pid
+}
+trap cleanup EXIT
+
+wait_for_network_device $child tap11
+
+nsenter $(nsenter_flags $child) ip -a netconf | grep tap11
+nsenter $(nsenter_flags $child) ip addr show tap11 | grep -v inet
+
+kill -9 $child $slirp_pid
+
+# Test --netns-type=path
+unshare -r -n sleep infinity &
+child=$!
+
+wait_for_network_namespace $child
+
+nsenter --preserve-credentials -U --target=$child slirp4netns --netns-type=path /proc/$child/ns/net tap11 &
+slirp_pid=$!
+
+wait_for_network_device $child tap11
+
+nsenter $(nsenter_flags $child) ip -a netconf | grep tap11
+nsenter $(nsenter_flags $child) ip addr show tap11 | grep -v inet

tests/test-slirp4netns-outbound-addr.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 set -xeuo pipefail
 
+. $(dirname $0)/common.sh
+
 SLIRP_CONFIG_VERSION_MAX=$(slirp4netns -v | grep "SLIRP_CONFIG_VERSION_MAX: " | sed 's#SLIRP_CONFIG_VERSION_MAX: \(\)##')
 
 if [ "${SLIRP_CONFIG_VERSION_MAX:-0}" -lt 2 ]; then
-    printf "'--disable-dns' requires SLIRP_CONFIG_VERSION_MAX 2 or newer. Test skipped..."
-    exit 0
+	printf "'--disable-dns' requires SLIRP_CONFIG_VERSION_MAX 2 or newer. Test skipped..."
+	exit "$TEST_EXIT_CODE_SKIP"
 fi
 
-. $(dirname $0)/common.sh
-
 IPv4_1="127.0.0.1"
 IPv4_2=$(ip a | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -n 1)
 
@@ -18,8 +18,8 @@ IPv4_2=$(ip a | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/
 #IPv6_2=$(ip a | sed -En 's/::1\/128//;s/.*inet6 (addr:)?([^ ]*)\/.*$/\2/p' | head -n 1)
 
 function cleanup() {
-    rm -rf ncat.log
-    kill -9 $child $slirp_pid || exit 0
+	rm -rf ncat.log
+	kill -9 $child $slirp_pid || exit 0
 }
 trap cleanup EXIT
 
@@ -28,26 +28,26 @@ mtu=${MTU:=1500}
 
 IPs=("$IPv4_1" "$IPv4_2")
 for ip in "${IPs[@]}"; do
-    ncat -l $port -v >ncat.log 2>&1 &
-    ncat1=$!
+	ncat -l $port -v >ncat.log 2>&1 &
+	ncat1=$!
 
-    unshare -r -n sleep infinity &
-    child=$!
+	unshare -r -n sleep infinity &
+	child=$!
 
-    wait_for_network_namespace $child
+	wait_for_network_namespace $child
 
-    slirp4netns -c --mtu $mtu --outbound-addr="$ip" $child tun11 &
-    slirp_pid=$!
+	slirp4netns -c --mtu $mtu --outbound-addr="$ip" $child tap11 &
+	slirp_pid=$!
 
-    wait_for_network_device $child tun11
+	wait_for_network_device $child tap11
 
-    wait_for_connectivity $child 10.0.2.2 $port
+	wait_for_connectivity $child 10.0.2.2 $port
 
-    wait_process_exits $ncat1
-    if ! grep "$ip" ncat.log; then
-        printf "%s not found in ncat.log" "$ip"
-        exit 1
-    fi
-    cleanup
-    let port=port+1
+	wait_process_exits $ncat1
+	if ! grep "$ip" ncat.log; then
+		printf "%s not found in ncat.log" "$ip"
+		exit 1
+	fi
+	cleanup
+	let port=port+1
 done

tests/test-slirp4netns-ready-fd.sh

@@ -10,17 +10,17 @@ wait_for_network_namespace $child
 
 touch keep_alive
 
-slirp4netns -c -r 10 $child tun11 10>configured &
+slirp4netns -c -r 10 $child tap11 10>configured &
 slirp_pid=$!
 
 function cleanup {
-    set +xeuo pipefail
-    kill -9 $child $slirp_pid
-    rm -f configured keep_alive
+	set +xeuo pipefail
+	kill -9 $child $slirp_pid
+	rm -f configured keep_alive
 }
 trap cleanup EXIT
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 wait_for_file_content 1 configured
 

tests/slirp4netns-no-unmount.sh tests/test-slirp4netns-sandbox-no-unmount.sh

@@ -1,10 +1,13 @@
 #!/bin/bash
 set -xeuo pipefail
 
-. $(dirname $0)/common.sh
+if [[ ! -v "CHILD" ]]; then
+	# reexec in a new mount namespace
+	export CHILD=1
+	exec unshare -rm "$0" "$@"
+fi
 
-# it is a part of test-slirp4netns.sh
-# must run in a new mount namespace
+. $(dirname $0)/common.sh
 
 mount -t tmpfs tmpfs /run
 mkdir /run/foo
@@ -16,14 +19,14 @@ child=$!
 
 wait_for_network_namespace $child
 
-slirp4netns --enable-sandbox --netns-type=path /proc/$child/ns/net tun11 &
+slirp4netns --enable-sandbox --netns-type=path /proc/$child/ns/net tap11 &
 slirp_pid=$!
 
 function cleanup {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 findmnt /run/foo

tests/test-slirp4netns-sandbox.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -xeuo pipefail
+
+. $(dirname $0)/common.sh
+
+unshare -r -n sleep infinity &
+child=$!
+
+wait_for_network_namespace $child
+
+slirp4netns --ready-fd=3 --enable-sandbox $child tap11 3>ready.file &
+slirp_pid=$!
+
+# Wait that the sandbox is created
+wait_for_file_content 1 ready.file
+rm ready.file
+
+# Check there are no capabilities left in slirp4netns
+getpcaps $slirp_pid 2>&1 | tail -n1 >slirp.caps
+grep cap_net_bind_service slirp.caps
+grep -v cap_sys_admin slirp.caps
+rm slirp.caps
+test -e /proc/$slirp_pid/root/etc
+test -e /proc/$slirp_pid/root/run
+test \! -e /proc/$slirp_pid/root/home
+test \! -e /proc/$slirp_pid/root/root
+test \! -e /proc/$slirp_pid/root/var
+
+function cleanup {
+	kill -9 $child $slirp_pid
+}
+trap cleanup EXIT
+
+nsenter $(nsenter_flags $child) ip -a netconf | grep tap11
+nsenter $(nsenter_flags $child) ip addr show tap11 | grep -v inet

tests/test-slirp4netns-seccomp.sh

@@ -8,16 +8,16 @@ child=$!
 
 wait_for_network_namespace $child
 
-slirp4netns -c --enable-seccomp --userns-path=/proc/$child/ns/user $child tun11 &
+slirp4netns -c --enable-seccomp --userns-path=/proc/$child/ns/user $child tap11 &
 slirp_pid=$!
 
-wait_for_network_device $child tun11
+wait_for_network_device $child tap11
 
 function cleanup {
-    kill -9 $child $slirp_pid
+	kill -9 $child $slirp_pid
 }
 trap cleanup EXIT
 
-nsenter --preserve-credentials -U -n --target=$child ip -a netconf | grep tun11
+nsenter $(nsenter_flags $child) ip -a netconf | grep tap11
 
-nsenter --preserve-credentials -U -n --target=$child ip addr show tun11 | grep inet
+nsenter $(nsenter_flags $child) ip addr show tap11 | grep inet