GitList

Browse code

Reload DOCKER-USER chain on frewalld reload.

Relates to moby/moby#35043

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

Brian Goff authored on 2018/01/13 00:29:09
Showing 3 changed files

libnetwork/controller.go index e938948..f6619ec 100644
libnetwork/firewall_linux.go index b2232ac..54f9621 100644
libnetwork/firewall_others.go index c41b3e0..901f568 100644

@@ -882,9 +882,7 @@ addToStore:
 		c.Unlock()
 	}
 
-	c.Lock()
-	arrangeUserFilterRule()
-	c.Unlock()
+	c.arrangeUserFilterRule()
 
 	return network, nil
 }

libnetwork/firewall_linux.go

History View file @ d5fef4c

@@ -7,6 +7,17 @@ import (
                      const userChain = "DOCKER-USER"
                     +func (c *controller) arrangeUserFilterRule() {
                     +	c.Lock()
                     +	arrangeUserFilterRule()
                     +	c.Unlock()
                     +	iptables.OnReloaded(func() {
                     +		c.Lock()
                     +		arrangeUserFilterRule()
                     +		c.Unlock()
                     +	})
                     +}
+                    +
                      // This chain allow users to configure firewall policies in a way that persists
                      // docker operations/restarts. Docker will not delete or modify any pre-existing
                      // rules from the DOCKER-USER filter chain.

libnetwork/firewall_others.go

History View file @ d5fef4c

@@ -2,5 +2,5 @@
                      package libnetwork
                     -func arrangeUserFilterRule() {
                     +func (c *controller) arrangeUserFilterRule() {
+                     }

...	...	@@ -882,9 +882,7 @@ addToStore:
882	882	c.Unlock()
883	883	}
884	884
885		- c.Lock()
886		- arrangeUserFilterRule()
887		- c.Unlock()
	885	+ c.arrangeUserFilterRule()
888	886
889	887	return network, nil
890	888	}