The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7453
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Previously the `defer cmd.Wait()` would potentially mean iptables processes not finishing until the end of the loop.
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
From 1c4e6ea0874e491d07b6ed35921613bb9ba64bbe Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 28 May 2020 01:08:57 +0100
Subject: [PATCH] lxd/firewall/drivers/drivers/xtables: Wait for each iptables
call before proceeding to next
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
lxd/firewall/drivers/drivers_xtables.go | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lxd/firewall/drivers/drivers_xtables.go
b/lxd/firewall/drivers/drivers_xtables.go
index 728161786e..d0822fb476 100644
--- a/lxd/firewall/drivers/drivers_xtables.go
+++ b/lxd/firewall/drivers/drivers_xtables.go
@@ -78,8 +78,7 @@ func (d Xtables) xtablesIsNftables(cmd string) bool {
// iptablesInUse returns whether the specified iptables backend command has
any rules defined.
func (d Xtables) iptablesInUse(iptablesCmd string) bool {
- tables := []string{"filter", "nat", "mangle", "raw"}
- for _, table := range tables {
+ checkTable := func(table string) bool {
cmd := exec.Command(iptablesCmd, "-S", "-t", table)
stdout, err := cmd.StdoutPipe()
if err != nil {
@@ -100,6 +99,15 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
return true
}
}
+
+ return false
+ }
+
+ tables := []string{"filter", "nat", "mangle", "raw"}
+ for _, table := range tables {
+ if checkTable(table) {
+ return true
+ }
}
return false
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
