diff options
author | Kevin Krakauer <krakauer@google.com> | 2019-12-12 14:40:36 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-12-12 14:42:11 -0800 |
commit | be2754a4b99cc92f13f479f74a5da8b0e6cb5839 (patch) | |
tree | 17a1cbacb7b477950998555ab896782439436d7c /pkg/sentry/fs/proc/net_test.go | |
parent | 93d429d5b1e3801fb4c29568bcd40d6854c9fe94 (diff) |
Add iptables testing framework.
It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:
* We're limited to loopback-only, as syscall tests involve only a single
container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
is a pain to configure, is inherently unsafe, and could leave host iptables
misconfigured.
Using the go_test target allows there to be no new test runner.
PiperOrigin-RevId: 285274275
Diffstat (limited to 'pkg/sentry/fs/proc/net_test.go')
0 files changed, 0 insertions, 0 deletions