diff --git a/.github/workflows/rust-tests.yml b/.github/workflows/rust-tests.yml
index 48ec2127..595390c9 100644
--- a/.github/workflows/rust-tests.yml
+++ b/.github/workflows/rust-tests.yml
@@ -101,6 +101,8 @@ jobs:
     env:
       RUST_BACKTRACE: full
       RUST_LOG: trace
+      USE_SUDO_IPTABLES: true
+      USE_SUDO_DOCKER: true
       # NETHSM_DOCKER_HOSTNAME: nethsm
     # services:
     #   docker:
@@ -112,7 +114,7 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: install opensc and dependencies
-        run: apt-get update && apt-get install -y curl opensc openssl gcc xxd jq gnutls-bin make docker.io
+        run: sudo apt-get update && sudo apt-get install -y curl opensc openssl gcc xxd jq gnutls-bin make
 
       - name: Install Rust
         uses: actions-rs/toolchain@v1
@@ -126,4 +128,4 @@ jobs:
       - name: build release
         run: cargo build --release
       - name: run network tests
-        run: cargo t --features pkcs11-full-tests -p nethsm_pkcs11 --test basic
+        run: cargo t --features pkcs11-full-tests -p nethsm_pkcs11 --test basic -- --nocapture
diff --git a/pkcs11/tests/basic.rs b/pkcs11/tests/basic.rs
index 07ec3691..0b21b6ad 100644
--- a/pkcs11/tests/basic.rs
+++ b/pkcs11/tests/basic.rs
@@ -80,7 +80,7 @@ fn basic() {
                     max_idle_connections: None,
                 }],
                 retries: None,
-                timeout_seconds: None,
+                timeout_seconds: Some(10),
             }],
             ..Default::default()
         },
@@ -135,7 +135,7 @@ fn multiple_instances() {
                     },
                 ],
                 retries: None,
-                timeout_seconds: None,
+                timeout_seconds: Some(10),
             }],
             ..Default::default()
         },
diff --git a/pkcs11/tests/tools/mod.rs b/pkcs11/tests/tools/mod.rs
index 5d5e8513..208033ed 100644
--- a/pkcs11/tests/tools/mod.rs
+++ b/pkcs11/tests/tools/mod.rs
@@ -1,5 +1,5 @@
 use std::collections::HashSet;
-use std::io::{BufWriter, Read};
+use std::io::BufWriter;
 use std::net::Ipv4Addr;
 use std::process::{Child, Stdio};
 use std::sync::{Arc, LazyLock, Mutex, MutexGuard};
@@ -111,7 +111,7 @@ pub struct TestDropper {
 }
 
 fn iptables() -> Command {
-    if option_env!("USE_SUDO").is_some() {
+    if option_env!("USE_SUDO_IPTABLES").is_some() {
         let mut command = Command::new("sudo");
         command.arg("iptables");
         command
@@ -120,6 +120,25 @@ fn iptables() -> Command {
     }
 }
 
+fn docker() -> Command {
+    if option_env!("USE_SUDO_DOCKER").is_some() {
+        let mut command = Command::new("sudo");
+        command.arg("docker");
+        command
+    } else {
+        Command::new("docker")
+    }
+}
+
+fn kill() -> Command {
+    if option_env!("USE_SUDO_DOCKER").is_some() {
+        let mut command = Command::new("sudo");
+        command.arg("kill");
+        command
+    } else {
+        Command::new("kill")
+    }
+}
 impl TestContext {
     fn unblock(port: u16) {
         let out_in = iptables()
@@ -194,32 +213,18 @@ impl TestContext {
 
 impl Drop for TestDropper {
     fn drop(&mut self) {
-        Command::new("kill")
+        kill()
             .args([self.command_to_kill.id().to_string()])
             .spawn()
             .unwrap()
             .wait()
             .unwrap();
         self.command_to_kill.wait().unwrap();
-        let mut buf = String::new();
-        self.command_to_kill
-            .stdout
-            .take()
-            .unwrap()
-            .read_to_string(&mut buf)
-            .unwrap();
-        buf.push('\n');
-        self.command_to_kill
-            .stderr
-            .take()
-            .unwrap()
-            .read_to_string(&mut buf)
-            .unwrap();
 
         for p in self.context.blocked_ports.iter().cloned() {
             TestContext::unblock(p);
         }
-        println!("{buf}");
+        println!("Finished killing nethsm");
     }
 }
 
@@ -307,17 +312,17 @@ pub fn run_tests(
     };
     let mut test_dropper = TestDropper {
         serialize_test,
-        command_to_kill: Command::new("docker")
+        command_to_kill: docker()
             .args([
                 "run",
                 "--rm",
-                "-ti",
+                "-i",
                 "-p8443:8443",
                 "docker.io/nitrokey/nethsm:testing",
             ])
             .stdin(Stdio::null())
-            .stdout(Stdio::piped())
-            .stderr(Stdio::piped())
+            .stdout(Stdio::inherit())
+            .stderr(Stdio::inherit())
             .spawn()
             .unwrap(),
         context: TestContext {
@@ -325,7 +330,12 @@ pub fn run_tests(
         },
     };
 
-    let client = AgentBuilder::new().tls_config(Arc::new(tls_conf())).build();
+    let client = AgentBuilder::new()
+        .tls_config(Arc::new(tls_conf()))
+        .timeout_connect(Duration::from_secs(1))
+        .timeout_read(Duration::from_secs(10))
+        .timeout_write(Duration::from_secs(10))
+        .build();
 
     let sdk_config = Configuration {
         client,
@@ -378,4 +388,5 @@ pub fn run_tests(
     let mut ctx = Ctx::new_and_initialize("../target/release/libnethsm_pkcs11.so").unwrap();
     f(&mut test_dropper.context, &mut ctx);
     ctx.close_all_sessions(0).unwrap();
+    println!("Ending test");
 }