mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
fc2414f988
I saw a rare race during the first few calls to iptables module where some of them would reenter initCheck() after the first call to it already changed iptablesPath, but before the rest of the function completed (in particular the long execs into testing for availability of --wait flag and determining iptables version), resulting in failure of one or more of iptables calls that did not use --wait and were concurrent. To fix the problem, this change gathers all one-time initialization into a single function under a sync.Once instead of using a global variable as a "done initializing" flag before initialization is done. sync.Once guarantees all concurrent calls will block until the first one completes. In addition, it turns out that GetVersion(), called from initCheck(), used Raw() which called back into initCheck() via raw(), which did not cause a problem in the earlier implementation but deadlocked when initialization became strict. This was changed to use a direct call, similar to initialization of supportsXlock. Signed-off-by: Max Timchenko <max@maxvt.com> |
||
|---|---|---|
| .. | ||
| firewalld.go | ||
| firewalld_test.go | ||
| iptables.go | ||
| iptables_test.go | ||