Browse code
bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377
full diff: https://github.com/docker/libnetwork/compare/0025177e3dabbe0de151be0957dcaff149d43536...90afbb01e1d8acacb505a092744ea42b9f167377
includes:
- docker/libnetwork#/2459 Fix Error Check in NewNetwork
- docker/libnetwork#/2466 Revert "Merge pull request #2339 from phyber/iptables-check"
- reverts docker/libnetwork#/2339 controller: Check if IPTables is enabled for arrangeUserFilterRule
- re-opens docker/libnetwork#2158 dockerd when run with --iptables=false modifies iptables by adding DOCKER-USER
- re-opens moby/moby#35777 With iptables=false dockerd still creates DOCKER-USER chain and rules
- re-opens docker/for-linux#136 dockerd --iptables=false adds DOCKER-USER chain and modify FORWARD chain anyway
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2019/11/08 06:43:42Showing 5 changed files
- hack/dockerfile/install/proxy.installer
- vendor.conf
- vendor/github.com/docker/libnetwork/controller.go
- vendor/github.com/docker/libnetwork/firewall_linux.go
- vendor/github.com/docker/libnetwork/vendor.conf
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When |
| 4 | 4 |
# updating the binary version, consider updating github.com/docker/libnetwork |
| 5 | 5 |
# in vendor.conf accordingly |
| 6 |
-: ${LIBNETWORK_COMMIT:=0025177e3dabbe0de151be0957dcaff149d43536}
|
|
| 6 |
+: "${LIBNETWORK_COMMIT:=90afbb01e1d8acacb505a092744ea42b9f167377}"
|
|
| 7 | 7 |
|
| 8 | 8 |
install_proxy() {
|
| 9 | 9 |
case "$1" in |
| ... | ... |
@@ -38,7 +38,7 @@ github.com/gofrs/flock 392e7fae8f1b0bdbd67dad7237d2 |
| 38 | 38 |
# libnetwork |
| 39 | 39 |
|
| 40 | 40 |
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly |
| 41 |
-github.com/docker/libnetwork 0025177e3dabbe0de151be0957dcaff149d43536 |
|
| 41 |
+github.com/docker/libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377 |
|
| 42 | 42 |
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 |
| 43 | 43 |
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 |
| 44 | 44 |
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec |
| ... | ... |
@@ -825,7 +825,7 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ... |
| 825 | 825 |
|
| 826 | 826 |
err = c.addNetwork(network) |
| 827 | 827 |
if err != nil {
|
| 828 |
- if strings.Contains(err.Error(), "restoring existing network") {
|
|
| 828 |
+ if _, ok := err.(types.MaskableError); ok {
|
|
| 829 | 829 |
// This error can be ignored and set this boolean |
| 830 | 830 |
// value to skip a refcount increment for configOnly networks |
| 831 | 831 |
skipCfgEpCount = true |
| ... | ... |
@@ -2,7 +2,6 @@ package libnetwork |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 | 4 |
"github.com/docker/libnetwork/iptables" |
| 5 |
- "github.com/docker/libnetwork/netlabel" |
|
| 6 | 5 |
"github.com/sirupsen/logrus" |
| 7 | 6 |
) |
| 8 | 7 |
|
| ... | ... |
@@ -10,44 +9,15 @@ const userChain = "DOCKER-USER" |
| 10 | 10 |
|
| 11 | 11 |
func (c *controller) arrangeUserFilterRule() {
|
| 12 | 12 |
c.Lock() |
| 13 |
- |
|
| 14 |
- if c.hasIPTablesEnabled() {
|
|
| 15 |
- arrangeUserFilterRule() |
|
| 16 |
- } |
|
| 17 |
- |
|
| 13 |
+ arrangeUserFilterRule() |
|
| 18 | 14 |
c.Unlock() |
| 19 |
- |
|
| 20 | 15 |
iptables.OnReloaded(func() {
|
| 21 | 16 |
c.Lock() |
| 22 |
- |
|
| 23 |
- if c.hasIPTablesEnabled() {
|
|
| 24 |
- arrangeUserFilterRule() |
|
| 25 |
- } |
|
| 26 |
- |
|
| 17 |
+ arrangeUserFilterRule() |
|
| 27 | 18 |
c.Unlock() |
| 28 | 19 |
}) |
| 29 | 20 |
} |
| 30 | 21 |
|
| 31 |
-func (c *controller) hasIPTablesEnabled() bool {
|
|
| 32 |
- // Locking c should be handled in the calling method. |
|
| 33 |
- if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil {
|
|
| 34 |
- return false |
|
| 35 |
- } |
|
| 36 |
- |
|
| 37 |
- genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData] |
|
| 38 |
- if !ok {
|
|
| 39 |
- return false |
|
| 40 |
- } |
|
| 41 |
- |
|
| 42 |
- optMap := genericData.(map[string]interface{})
|
|
| 43 |
- enabled, ok := optMap["EnableIPTables"].(bool) |
|
| 44 |
- if !ok {
|
|
| 45 |
- return false |
|
| 46 |
- } |
|
| 47 |
- |
|
| 48 |
- return enabled |
|
| 49 |
-} |
|
| 50 |
- |
|
| 51 | 22 |
// This chain allow users to configure firewall policies in a way that persists |
| 52 | 23 |
// docker operations/restarts. Docker will not delete or modify any pre-existing |
| 53 | 24 |
// rules from the DOCKER-USER filter chain. |
| ... | ... |
@@ -51,5 +51,5 @@ golang.org/x/sync 1d60e4601c6fd243af51cc01ddf169918a5407ca |
| 51 | 51 |
github.com/pkg/errors ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1 |
| 52 | 52 |
github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847 |
| 53 | 53 |
|
| 54 |
-gotest.tools b6e20af1ed078cd01a6413b734051a292450b4cb # v2.1.0 |
|
| 54 |
+gotest.tools 1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0 |
|
| 55 | 55 |
github.com/google/go-cmp 3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0 |