Make sure all iptables commands use -w
iptables invocations that happen in parallel can "collide" with each
other, resulting in intermittent failures. The `-w` flag prevents this.
BUG=chromium:646827
TEST=`FEATURES=test emerge-link firewalld`
Change-Id: Id0f8d982379b3dcaa87a08add8e24f434e0f0ae8
Reviewed-on: https://chromium-review.googlesource.com/391041
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/iptables.cc b/iptables.cc
index 915a1ac..e8ca006 100644
--- a/iptables.cc
+++ b/iptables.cc
@@ -387,6 +387,7 @@
argv.push_back(interface);
argv.push_back("-j");
argv.push_back("MASQUERADE");
+ argv.push_back("-w"); // Wait for xtables lock
// Use CAP_NET_ADMIN|CAP_NET_RAW.
if (ExecvNonRoot(argv, kIpTablesCapMask) != 0) {
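Review bot: A bare `-w` makes iptables wait for the xtables lock with no upper bound, so at `argv.push_back("-w");` here and in the MARK/`--set-mark` hunk below, a lock holder that never releases would hang the call instead of producing the nonzero return the surrounding code already handles. If the iptables build shipped on the device accepts a timeout argument, a bounded wait such as `argv.push_back("-w"); argv.push_back(kIpTablesWaitSeconds);` keeps that failure visible to the caller; `kIpTablesWaitSeconds` is a placeholder name, not an identifier from this file. The flag is also appended by hand at each call site, so a later iptables invocation can omit it unnoticed; appending it once in a shared helper that builds the argv would enforce what the commit title promises. Both enclosing functions start and end outside the hunks, so whether ExecvNonRoot already applies its own timeout cannot be seen from here.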
@@ -442,6 +443,7 @@
argv.push_back("MARK");
argv.push_back("--set-mark");
argv.push_back(kMarkForUserTraffic);
+ argv.push_back("-w"); // Wait for xtables lock
// Use CAP_NET_ADMIN|CAP_NET_RAW.
bool success = ExecvNonRoot(argv, kIpTablesCapMask) == 0;