On 12 August 2017 at 06:15, Steve Langasek <steve.langa...@canonical.com> wrote:
>
> The conntrack-tools 1.4.4+snapshot20161117 update was blocked from reaching
> Ubuntu's 17.04 release, because it regresses its autopkgtests in Ubuntu
> compared to 1.4.3-3.
Hi Steve, thanks for your work, comments below.

>
> I have so far identified two problems with the tests when running on Ubuntu:
>
> - the tests modprobe a bunch of nf_conntrack_* modules; if some of these
> modules don't load because they are built into the kernel (as is the case
> for some of them on Ubuntu), these tests fail.

This is good to have. I can upstream the patch.

> - several tests are marked 'isolation-container', but provide a
> configuration to conntrackd that requires host-level privileges, so
> conntrackd fails at startup when run in a container.
>

The scheduling & bufsize things seem a bit hackish for what we need: a
simple test run of conntrackd.

I would simplify the logic by just ignoring these configuration options and
using conntrackd/system defaults. I mean: in this test case, we are
interested in checking that conntrackd can run with a basic configuration.
The actual configuration is less important.

Please note that scheduling defaults have changed in conntrackd [0].
If we don't specify a scheduling configuration, conntrackd will try to use
SCHED_RR by default. Which may require further privileges?

I don't have a full autopkgtest environment to test different setups (i.e.,
LXC, virtualization, etc).

So, please, I would ask you to:

1) send a (separate) patch for the modules things
2) make changes to the test suite according to the simplifications I
mentioned (separate patch)

I believe that by following this approach Ubuntu will benefit as well.

[0] http://git.netfilter.org/conntrack-tools/commit/?id=210f5429678dba06f361b1f37bcb946f27e2e20b