net-firewall/nftables sets RESTRICT="test? ( userpriv )". This is quite dangerous since it means the test suite will run as root with no prior notice.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a60bcdc8ce5eec6674d5e28afa2bd4899d137508 commit a60bcdc8ce5eec6674d5e28afa2bd4899d137508 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-09-13 17:33:30 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-09-13 17:34:26 +0000 net-firewall/nftables: drop RESTRICT="test? ( userpriv )" Instead, check for root and skip the relevant tests otherwise. Closes: https://bugs.gentoo.org/869989 Signed-off-by: Mike Gilbert <floppym@gentoo.org> net-firewall/nftables/nftables-1.0.4-r2.ebuild | 8 ++++++-- net-firewall/nftables/nftables-1.0.5.ebuild | 8 ++++++-- net-firewall/nftables/nftables-9999.ebuild | 8 ++++++-- 3 files changed, 18 insertions(+), 6 deletions(-)
I agree with what we've ended up doing here, but I want to pop some more details in the bug for completeness. We discussed this some more on IRC. I'd checked the tests before doing this and am fairly happy that it'd be fine as it make an effort to use namespaces, but the tests are in such shape that they don't work in an ebuild environment properly anyway. Plus, we now have a "Manual" value for the "runtime testing required" field on stable/kw bugs, which means we don't really need to worry so much about making-src_test-do-something-useful.
