configs/tmpfiles.d: ensure /run/xtables.lock exists #57
Merged
pothos merged 1 commit into flatcar-master from Dec 17, 2021
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Dec 16, 2021
This pulls in flatcar/init#57 to make sure the /run/xtables.lock file exists for coordination of xtables modifications.
invidian reviewed Dec 16, 2021
b9465d7 to 26895eb
invidian approved these changes Dec 17, 2021
26895eb to 6b130d6
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Dec 17, 2021
This pulls in flatcar/init#57 to make sure the /run/xtables.lock file exists for coordination of xtables modifications.
pothos added a commit that referenced this pull request Dec 17, 2021
configs/tmpfiles.d: ensure /run/xtables.lock exists
Member, Author
Created a flatcar-3033-backport branch for current Stable
t-lo pushed a commit to flatcar/scripts that referenced this pull request Apr 13, 2023
This pulls in flatcar/init#57 to make sure the /run/xtables.lock file exists for coordination of xtables modifications.
The nftables update which included using the nftables compat backend
for the iptables binaries instead of xtables on the host resulted in
the lock file not being created anymore automatically. The lock file is
still required because the xtables backend doesn't go away and is used
by containers and, possibly, by invoking the legacy binaries on the
host (we ship them for easy access to the xtables lists).
Use a systemd-tmpfile directive to create the xtables lock file which,
e.g., gets bind-mounted to containers for coordination of xtables
modifications.
How to use
Fixes flatcar/Flatcar#578
Testing done
File got created at bootup in a VM. After file deletion the same file got created again by iptables-legacy -L
changelog/directory (user-facing change, bug fix, security fix, update) ↑ in coreos-overlay
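
An added check, not part of this pull request or of the Flatcar code: it classifies the state of the lock file and shows the coordination the description refers to, assuming the legacy xtables binaries open the file with O_CREAT and take an exclusive flock(2) on it. The function names and status strings are hypothetical.

```python
import contextlib
import fcntl
import os
import stat

XT_LOCK = "/run/xtables.lock"  # path named in the pull request


@contextlib.contextmanager
def hold_lock(path=XT_LOCK):
    """Assumed behaviour of a legacy xtables binary: open with O_CREAT
    (which re-creates a deleted file) and take an exclusive flock."""
    fd = os.open(path, os.O_RDONLY | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)
        yield fd
    finally:
        os.close(fd)  # closing the descriptor releases the lock


def check_xtables_lock(path=XT_LOCK):
    """Return 'missing', 'not-regular-file', 'no-access', 'held' or 'ok'."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISREG(mode):
        # Anything but a regular file is not what the tmpfiles directive creates.
        return "not-regular-file"
    try:
        fd = os.open(path, os.O_RDONLY)
    except PermissionError:
        return "no-access"  # run the check as root
    try:
        # Non-blocking attempt: fails at once if another process holds the lock.
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        return "held"
    finally:
        os.close(fd)
    return "ok"


if __name__ == "__main__":
    print(XT_LOCK, check_xtables_lock())
```

A result of "missing" right after boot means the tmpfiles directive did not run; "held" for a long period points at a process that is stuck while modifying xtables rules.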