.github/workflows: add privileged tests workflow

We had missed regressions from privileged tests not running, now they can run. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>
8 months ago · 0b16620b80
parent 0f5e031133
commit 0b16620b80
2 changed files with 14 additions and 1 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -183,6 +183,19 @@ jobs:
      # the equals signs cause great confusion.
      run: go test ./... -bench . -benchtime 1x -run "^$"

+  privileged:
+    runs-on: ubuntu-22.04
+    container:
+      image: golang:latest
+      options: --privileged
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+    - name: chown
+      run: chown -R $(id -u):$(id -g) $PWD
+    - name: privileged tests
+      run: ./tool/go test ./util/linuxfw
+
  vm:
    runs-on: ["self-hosted", "linux", "vm"]
    # VM tests run with some privileges, don't let them run on 3p PRs.
--- a/util/linuxfw/nftables_runner.go
+++ b/util/linuxfw/nftables_runner.go
@ -866,7 +866,7 @@ func (n *nftablesRunner) createDummyPostroutingChains() (retErr error) {
 			return fmt.Errorf("create nat table: %w", err)
 		}
 		defer func(fm nftables.TableFamily) {
-			if err := deleteTableIfExists(n.conn, table.Proto, tsDummyTableName); err != nil && retErr == nil {
+			if err := deleteTableIfExists(n.conn, fm, tsDummyTableName); err != nil && retErr == nil {
 				retErr = fmt.Errorf("delete %q table: %w", tsDummyTableName, err)
 			}
 		}(table.Proto)