From 6c23d4073f8b9315db0e7548c669326679d513bc Mon Sep 17 00:00:00 2001
From: Jana Radhakrishnan <mrjana@docker.com>
Date: Fri, 30 Oct 2015 16:08:33 -0700
Subject: [PATCH] Fix race in host sandbox creation

Since we share the host sandbox with many containers we
need to serialize creation of the sandbox. Otherwise
container starts may see the namespace path in inconsistent
state.

Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
---
 libnetwork/controller.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libnetwork/controller.go b/libnetwork/controller.go
index 3b75ae213c..77d5e68cbb 100644
--- a/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -507,13 +507,14 @@ func (c *controller) NewSandbox(containerID string, options ...SandboxOption) (S
 		return nil, err
 	}
 
+	c.Lock()
 	if sb.osSbox == nil && !sb.config.useExternalKey {
 		if sb.osSbox, err = osl.NewSandbox(sb.Key(), !sb.config.useDefaultSandBox); err != nil {
+			c.Unlock()
 			return nil, fmt.Errorf("failed to create new osl sandbox: %v", err)
 		}
 	}
 
-	c.Lock()
 	c.sandboxes[sb.id] = sb
 	c.Unlock()
 	defer func() {