fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-03-07 04:00:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

firewall: pass "--wait 2" to iptables to wait for concurrent invocations

Browse source 
iptables takes a file lock at /run/xtables.lock. By default, if
the file is locked, iptables will fail with error. When that happens,
the iptables rules won't be configured, and the shared mode
(for which we use iptables) will not be setup properly.

Instead, pass "--wait 2", to block. Yes, it's ugly that we use
blocking program invocations, but that's how it is. Also, iptables
should be fast to not be a problem in practice.

(cherry picked from commit 84a71771d9)
This commit is contained in:
Thomas Haller 2023-01-10 19:46:01 +01:00
parent 53a9ba354f
commit 11d8d18c16
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/core/nm-firewall-utils.c
View file

@ -148,7 +148,7 @@ _share_iptables_call_v(const char *const *argv)
}
#define _share_iptables_call(...) \
_share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", __VA_ARGS__))
_share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", "--wait", "2", __VA_ARGS__))
static gboolean
_share_iptables_chain_op(const char *table, const char *chain, const char *op)