Hi Richard,

Thanks for picking up my report and implementing a more robust solution.

On Tue, Jan 28, 2025 at 12:35:24AM +0000, Richard Lewis wrote:
> Does the version at
> https://salsa.debian.org/rpil2/chkrootkit/-/tree/WIP fix this?

I uploaded the commit to debusine.debian.net and it confirms that your
test now works:
https://debusine.debian.net/debusine/System/work-request/71379/

In your commit, you question whether you need to be root. Let me answer
that. Yes, you need to be root in the namespace where you unshare a
network namespace. Since you are reusing the current user namespace, you
need to be root there. If you were to additionally unshare a user
namespace, you might get away without being root in the current user
namespace.

> (I was slightly wrong in my previous message, and I now think the
> issue is that the test assumes chkrootkit can see
> the network manager of the host, and this is apparently not the case
> in debusine. The new approach is more robust
> and hopefully makes debusine happy).

This is not really about debusine. It is about autopkgtest in general.
If you happen to set up an autopkgtest image that happens to not use
ifupdown/dhclient (which presently is the default), but uses
systemd-networkd instead, you may locally reproduce the issue. For
reproducing this, you have to use isolation-container or
isolation-machine capable backends such as docker, incus-lxc, lxc,
podman or qemu.

> So in this branch we use 'unshare --net' and set up a new dhcpd, this
> is more robust anyway.)

If you were requiring isolation-container, you might drop the unsharing,
but in less isolated containers, the unshare --net is what provides the
robustness that you seek.

Helmut
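
The privilege rule described in the message above, as an added shell sketch that is not part of the original mail or of the chkrootkit test suite: root can unshare a network namespace directly, while an unprivileged caller also unshares a user namespace in which it is mapped to root. The function names are hypothetical, and the unprivileged path assumes the kernel and container runtime permit unprivileged user namespaces.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not chkrootkit's own test code).
# Creating a network namespace needs CAP_SYS_ADMIN in the user namespace
# that owns the caller. Root has it already; an unprivileged caller can get
# it by also creating a user namespace in which it is mapped to uid 0.

# netns_unshare_args UID: print the unshare(1) options suitable for that uid.
netns_unshare_args() {
    if [ "$1" -eq 0 ]; then
        # Root in the current user namespace: a network namespace is enough.
        echo "--net"
    else
        # Not root: unshare a user namespace too and map ourselves to root.
        echo "--user --map-root-user --net"
    fi
}

# run_in_netns CMD...: run CMD in a fresh network namespace.
# Returns 125 if the namespace cannot be created (assumption: this happens
# when unshare is missing or unprivileged user namespaces are forbidden).
run_in_netns() {
    args=$(netns_unshare_args "$(id -u)")
    # Probe first so a namespace failure is distinguishable from CMD failing.
    # $args is intentionally unquoted: it may hold several options.
    if ! unshare $args true 2>/dev/null; then
        echo "cannot create network namespace with: unshare $args" >&2
        return 125
    fi
    unshare $args "$@"
}
```

Running `run_in_netns ip -o link` shows only the loopback interface, which is the isolation from the host's network setup that the test relies on.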
