https://github.com/thom311/libnl/issues/308
https://github.com/thom311/libnl/commit/85e3c5d423a0ab8f8414f892998323c886484725
https://github.com/thom311/libnl/commit/ec712a4514e667b6f7fc3a54a10d4d4f65d1b5c7
https://github.com/thom311/libnl/commit/7577266c03ddbf42257f6c43f42e5837a2671038

From 85e3c5d423a0ab8f8414f892998323c886484725 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 21 Apr 2022 08:39:51 +0200
Subject: [PATCH] tests: add _assert_nltst_netns() helper

--- a/tests/nl-test-util.c
+++ b/tests/nl-test-util.c
@@ -25,6 +25,14 @@ struct nltst_netns {
 
 /*****************************************************************************/
 
+#define _assert_nltst_netns(nsdata)                                            \
+	do {                                                                   \
+		const struct nltst_netns *_nsdata = (nsdata);                  \
+                                                                               \
+		ck_assert_ptr_nonnull(_nsdata);                                \
+		ck_assert_int_eq(_nsdata->canary, _CANARY);                    \
+	} while (0)
+
 static struct {
 	struct nltst_netns *nsdata;
 } _netns_fixture_global;
@@ -34,12 +42,12 @@ void nltst_netns_fixture_setup(void)
 	ck_assert(!_netns_fixture_global.nsdata);
 
 	_netns_fixture_global.nsdata = nltst_netns_enter();
-	ck_assert(_netns_fixture_global.nsdata);
+	_assert_nltst_netns(_netns_fixture_global.nsdata);
 }
 
 void nltst_netns_fixture_teardown(void)
 {
-	ck_assert(_netns_fixture_global.nsdata);
+	_assert_nltst_netns(_netns_fixture_global.nsdata);
 	_nl_clear_pointer(&_netns_fixture_global.nsdata, nltst_netns_leave);
 }
 
From ec712a4514e667b6f7fc3a54a10d4d4f65d1b5c7 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 21 Apr 2022 08:41:03 +0200
Subject: [PATCH] tests: cleanup unshare_user() and use _nltst_fclose()

--- a/tests/nl-test-util.c
+++ b/tests/nl-test-util.c
@@ -65,24 +65,27 @@ static void unshare_user(void)
 	_nltst_assert_errno(r == 0);
 
 	/* Since Linux 3.19 we have to disable setgroups() in order to map users.
-     * Just proceed if the file is not there. */
+	 * Just proceed if the file is not there. */
 	f = fopen("/proc/self/setgroups", "we");
 	if (f) {
-		fprintf(f, "deny");
-		fclose(f);
+		r = fprintf(f, "deny");
+		_nltst_assert_errno(r > 0);
+		_nltst_fclose(f);
 	}
 
 	/* Map current UID to root in NS to be created. */
 	f = fopen("/proc/self/uid_map", "we");
-	ck_assert(f);
-	fprintf(f, "0 %d 1", uid);
-	fclose(f);
+	_nltst_assert_errno(f);
+	r = fprintf(f, "0 %d 1", uid);
+	_nltst_assert_errno(r > 0);
+	_nltst_fclose(f);
 
 	/* Map current GID to root in NS to be created. */
 	f = fopen("/proc/self/gid_map", "we");
-	ck_assert(f);
-	fprintf(f, "0 %d 1", gid);
-	fclose(f);
+	_nltst_assert_errno(f);
+	r = fprintf(f, "0 %d 1", gid);
+	_nltst_assert_errno(r > 0);
+	_nltst_fclose(f);
 }
 
 struct nltst_netns *nltst_netns_enter(void)
--- a/tests/nl-test-util.h
+++ b/tests/nl-test-util.h
@@ -34,6 +34,14 @@
 		_nltst_assert_errno(_r == 0);                                  \
 	} while (0)
 
+#define _nltst_fclose(f)                                                       \
+	do {                                                                   \
+		int _r;                                                        \
+                                                                               \
+		_r = fclose((f));                                              \
+		_nltst_assert_errno(_r == 0);                                  \
+	} while (0)
+
 /*****************************************************************************/
 
 void nltst_netns_fixture_setup(void);
From 7577266c03ddbf42257f6c43f42e5837a2671038 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 21 Apr 2022 08:42:35 +0200
Subject: [PATCH] tests: silently ignore EACCES for setting uid_map for test
 namespace

Seems this can happen, but we probably can just continue with the
unit test. Just ignore the error.

https://github.com/thom311/libnl/issues/ ## 308
--- a/tests/nl-test-util.c
+++ b/tests/nl-test-util.c
@@ -53,7 +53,7 @@ void nltst_netns_fixture_teardown(void)
 
 /*****************************************************************************/
 
-static void unshare_user(void)
+static bool unshare_user(void)
 {
 	const uid_t uid = geteuid();
 	const gid_t gid = getegid();
@@ -75,7 +75,11 @@ static void unshare_user(void)
 
 	/* Map current UID to root in NS to be created. */
 	f = fopen("/proc/self/uid_map", "we");
-	_nltst_assert_errno(f);
+	if (!f) {
+		if (errno == EACCES)
+			return false;
+		_nltst_assert_errno(f);
+	}
 	r = fprintf(f, "0 %d 1", uid);
 	_nltst_assert_errno(r > 0);
 	_nltst_fclose(f);
@@ -86,6 +90,7 @@ static void unshare_user(void)
 	r = fprintf(f, "0 %d 1", gid);
 	_nltst_assert_errno(r > 0);
 	_nltst_fclose(f);
+	return true;
 }
 
 struct nltst_netns *nltst_netns_enter(void)
@@ -96,8 +101,12 @@ struct nltst_netns *nltst_netns_enter(void)
 	nsdata = calloc(1, sizeof(struct nltst_netns));
 	ck_assert(nsdata);
 
-	nsdata->canary = _CANARY;
+	*nsdata = (struct nltst_netns){
+		.canary = _CANARY,
+	};
 
+	/* unshare_user() might fail to set uid_map/gid_map due to sandboxing.
+	 * We ignore that error and proceed. The test will possibly still work. */
 	unshare_user();
 
 	r = unshare(CLONE_NEWNET | CLONE_NEWNS);