Update libnetwork commit

New Commit: fcf1c3b5e57833aaaa756ae3c4140ea54da00319 Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2018-01-12 17:30:19 -05:00 · 2018-01-12 17:30:19 -05:00 · d23e8a7da5
parent 39377bb96d
commit d23e8a7da5
6 changed files with 33 additions and 8 deletions
--- a/hack/dockerfile/binaries-commits
+++ b/hack/dockerfile/binaries-commits
@ -10,7 +10,7 @@ RUNC_COMMIT=b2567b37d7b75eb4cf325b77297b140ea686ce8f
 # fixes or new APIs.
 CONTAINERD_COMMIT=89623f28b87a6004d4b785663257362d1658a729 # v1.0.0
 TINI_COMMIT=949e6facb77383876aeff8a6944dde66b3089574
-LIBNETWORK_COMMIT=7b2b1feb1de4817d522cc372af149ff48d25028e
+LIBNETWORK_COMMIT=fcf1c3b5e57833aaaa756ae3c4140ea54da00319
 VNDR_COMMIT=a6e196d8b4b0cbbdc29aebdb20c59ac6926bb384

 # Linting
--- a/vendor.conf
+++ b/vendor.conf
@ -31,7 +31,7 @@ github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
 github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2

 #get libnetwork packages
-github.com/docker/libnetwork 315a076a4e9ded2abc950318c71d5f1637547977 
+github.com/docker/libnetwork fcf1c3b5e57833aaaa756ae3c4140ea54da00319
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
--- a/vendor/github.com/docker/libnetwork/controller.go
+++ b/vendor/github.com/docker/libnetwork/controller.go
@ -882,9 +882,7 @@ addToStore:
 		c.Unlock()
 	}

-	c.Lock()
-	arrangeUserFilterRule()
-	c.Unlock()
+	c.arrangeUserFilterRule()

 	return network, nil
 }
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
+++ b/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
@ -711,7 +711,7 @@ func (n *network) initSandbox(restore bool) error {
 	n.setNetlinkSocket(nlSock)

 	if err == nil {
-		go n.watchMiss(nlSock)
+		go n.watchMiss(nlSock, key)
 	} else {
 		logrus.Errorf("failed to subscribe to neighbor group netlink messages for overlay network %s in sbox %s: %v",
 			n.id, sbox.Key(), err)
@ -720,7 +720,23 @@ func (n *network) initSandbox(restore bool) error {
 	return nil
 }

-func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
+func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
+	// With the new version of the netlink library the deserialize function makes
+	// requests about the interface of the netlink message. This can succeed only
+	// if this go routine is in the target namespace. For this reason following we
+	// lock the thread on that namespace
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	newNs, err := netns.GetFromPath(nsPath)
+	if err != nil {
+		logrus.WithError(err).Errorf("failed to get the namespace %s", nsPath)
+		return
+	}
+	defer newNs.Close()
+	if err = netns.Set(newNs); err != nil {
+		logrus.WithError(err).Errorf("failed to enter the namespace %s", nsPath)
+		return
+	}
 	for {
 		msgs, err := nlSock.Receive()
 		if err != nil {
--- a/vendor/github.com/docker/libnetwork/firewall_linux.go
+++ b/vendor/github.com/docker/libnetwork/firewall_linux.go
@ -7,6 +7,17 @@ import (

 const userChain = "DOCKER-USER"

+func (c *controller) arrangeUserFilterRule() {
+	c.Lock()
+	arrangeUserFilterRule()
+	c.Unlock()
+	iptables.OnReloaded(func() {
+		c.Lock()
+		arrangeUserFilterRule()
+		c.Unlock()
+	})
+}
+
 // This chain allow users to configure firewall policies in a way that persists
 // docker operations/restarts. Docker will not delete or modify any pre-existing
 // rules from the DOCKER-USER filter chain.
--- a/vendor/github.com/docker/libnetwork/firewall_others.go
+++ b/vendor/github.com/docker/libnetwork/firewall_others.go
@ -2,5 +2,5 @@

 package libnetwork

-func arrangeUserFilterRule() {
+func (c *controller) arrangeUserFilterRule() {
 }