authorThomas Haller <thaller@redhat.com>2023-01-10 19:46:01 +0100
committerThomas Haller <thaller@redhat.com>2023-01-16 10:22:05 +0100
commit11d8d18c162ce0c0797e3aa09e6d3b15429e091b (patch)
treeee13745df1f6a8db221d8561f9b5a3f1f765e848
parent53a9ba354f79cf0986ed7e3eedc30b377c50e0a6 (diff)
firewall: pass "--wait 2" to iptables to wait for concurrent invocations
iptables takes a file lock at /run/xtables.lock. By default, if the file is locked, iptables will fail with an error. When that happens, the iptables rules won't be configured, and the shared mode (for which we use iptables) will not be set up properly. Instead, pass "--wait 2", to block. Yes, it's ugly that we use blocking program invocations, but that's how it is. Also, iptables should be fast enough that this is not a problem in practice. (cherry picked from commit 84a71771d9761fdcb1dc2a991af71cbc874ea0f6)
-rw-r--r--src/core/nm-firewall-utils.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
index 93bf501511..4bcde85fe3 100644
--- a/src/core/nm-firewall-utils.c
+++ b/src/core/nm-firewall-utils.c
@@ -148,7 +148,7 @@ _share_iptables_call_v(const char *const *argv)
}
#define _share_iptables_call(...) \
- _share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", __VA_ARGS__))
+ _share_iptables_call_v(NM_MAKE_STRV("" IPTABLES_PATH "", "--wait", "2", __VA_ARGS__))
static gboolean
_share_iptables_chain_op(const char *table, const char *chain, const char *op)
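Review bot: The `"2"` added to the `_share_iptables_call` macro is an unexplained literal, and a bounded wait only narrows the failure window: if the xtables lock is held for longer than two seconds, iptables still exits with an error and the shared-mode rules are not installed. Because these are firewall rules, it is worth confirming that `_share_iptables_call_v` (its body lies outside this hunk) logs the failing command, and that callers act on the result rather than continuing with a partial rule set. I would name the timeout and document it, e.g. `#define SHARE_IPTABLES_WAIT_SEC "2" /* bounded wait for /run/xtables.lock; iptables still fails once it expires */`, and pass `"--wait", SHARE_IPTABLES_WAIT_SEC` in the macro. Presumably every supported iptables build accepts `--wait` with a seconds argument; if one does not, each call would fail on the unknown option, so that assumption deserves a mention in the comment as well.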