Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create xtables.lock as a file if it doesn't already exist #2822

Merged
merged 3 commits into from
Sep 25, 2023
Merged

Create xtables.lock as a file if it doesn't already exist #2822

merged 3 commits into from
Sep 25, 2023

Conversation

skitt
Copy link
Member

@skitt skitt commented Sep 20, 2023

Default host path mounts create a directory if the mounted path doesn't correspond to anything, which ends up breaking iptables. This fixes that by ensuring that xtables.lock is created as a file if it doesn't already exist; subsequent invocations of iptables on the host (if any) will then be able to use the new file for locking.

@skitt
Create xtables.lock as a file if it doesn't already exist
8f6fb45 
Default host path mounts create a directory if the mounted path
doesn't correspond to anything, which ends up breaking iptables. This
fixes that by ensuring that xtables.lock is created as a file if it
doesn't already exist; subsequent invocations of iptables on the host
(if any) will then be able to use the new file for locking.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
@submariner-bot
Copy link
Contributor

🤖 Created branch: z_pr2822/skitt/qualify-xtables-host-path
🚀 Full E2E won't run until the "ready-to-test" label is applied. I will add it automatically once the PR has 2 approvals, or you can add it manually.

@tpantelis
Copy link
Contributor

This seems to cause a vulnerability error.

@skitt
Copy link
Member Author

skitt commented Sep 20, 2023

This seems to cause a vulnerability error.

The vulnerability is a false positive, see github/advisory-database#2742

@tpantelis
Copy link
Contributor

The vulnerability is a false positive, see github/advisory-database#2742

OK. I changed the job to required - did you make it non-required due to this?

@skitt
Copy link
Member Author

skitt commented Sep 20, 2023

OK. I changed the job to required - did you make it non-required due to this?

Yes — we can wait for the advisory fix to be merged, or “unrequire” the job until it’s fixed...

@submariner-bot submariner-bot added the ready-to-test When a PR is ready for full E2E testing label Sep 21, 2023
@skitt skitt enabled auto-merge (rebase) September 25, 2023 14:10
@skitt skitt merged commit 93f8d3a into submariner-io:devel Sep 25, 2023
@submariner-bot
Copy link
Contributor

🤖 Closed branches: [z_pr2822/skitt/qualify-xtables-host-path]

@skitt skitt added the backport This change requires a backport to eligible release branches label Oct 13, 2023
@skitt skitt mentioned this pull request Oct 13, 2023
Merged
This was referenced Oct 13, 2023
Merged
Merged
tpantelis added a commit to skitt/submariner-operator that referenced this pull request Oct 19, 2023
@tpantelis
Merge branch 'release-0.14' into automated-backport-of-submariner-io#…
24bd0e5 
…2822-origin-release-0.14
@sridhargaddam sridhargaddam mentioned this pull request Nov 13, 2023
Closed
@skitt skitt deleted the qualify-xtables-host-path branch November 13, 2023 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpantelis tpantelis tpantelis approved these changes

@sridhargaddam sridhargaddam sridhargaddam approved these changes

@dfarrell07 dfarrell07 dfarrell07 approved these changes

@Oats87 Oats87 Awaiting requested review from Oats87 Oats87 is a code owner

Assignees
No one assigned
Labels
backport This change requires a backport to eligible release branches backport-handled ready-to-test When a PR is ready for full E2E testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@skitt @submariner-bot @tpantelis @dfarrell07 @sridhargaddam