Update libnetwork commit

New Commit: fcf1c3b5e57833aaaa756ae3c4140ea54da00319 Signed-off-by: Brian Goff <cpuguy83@gmail.com> Upstream-commit: d23e8a7da58c119a8dda59484e9b180c6f25daed Component: engine
2018-01-12 17:30:19 -05:00
parent 9e8b44781f
commit fdf41db38c
6 changed files with 33 additions and 8 deletions
--- a/components/engine/vendor/github.com/docker/libnetwork/controller.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/controller.go
@ -882,9 +882,7 @@ addToStore:
 		c.Unlock()
 	}

-	c.Lock()
-	arrangeUserFilterRule()
-	c.Unlock()
+	c.arrangeUserFilterRule()

 	return network, nil
 }
--- a/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/drivers/overlay/ov_network.go
@ -711,7 +711,7 @@ func (n *network) initSandbox(restore bool) error {
 	n.setNetlinkSocket(nlSock)

 	if err == nil {
-		go n.watchMiss(nlSock)
+		go n.watchMiss(nlSock, key)
 	} else {
 		logrus.Errorf("failed to subscribe to neighbor group netlink messages for overlay network %s in sbox %s: %v",
 			n.id, sbox.Key(), err)
@ -720,7 +720,23 @@ func (n *network) initSandbox(restore bool) error {
 	return nil
 }

-func (n *network) watchMiss(nlSock *nl.NetlinkSocket) {
+func (n *network) watchMiss(nlSock *nl.NetlinkSocket, nsPath string) {
+	// With the new version of the netlink library the deserialize function makes
+	// requests about the interface of the netlink message. This can succeed only
+	// if this go routine is in the target namespace. For this reason following we
+	// lock the thread on that namespace
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	newNs, err := netns.GetFromPath(nsPath)
+	if err != nil {
+		logrus.WithError(err).Errorf("failed to get the namespace %s", nsPath)
+		return
+	}
+	defer newNs.Close()
+	if err = netns.Set(newNs); err != nil {
+		logrus.WithError(err).Errorf("failed to enter the namespace %s", nsPath)
+		return
+	}
 	for {
 		msgs, err := nlSock.Receive()
 		if err != nil {
--- a/components/engine/vendor/github.com/docker/libnetwork/firewall_linux.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/firewall_linux.go
@ -7,6 +7,17 @@ import (

 const userChain = "DOCKER-USER"

+func (c *controller) arrangeUserFilterRule() {
+	c.Lock()
+	arrangeUserFilterRule()
+	c.Unlock()
+	iptables.OnReloaded(func() {
+		c.Lock()
+		arrangeUserFilterRule()
+		c.Unlock()
+	})
+}
+
 // This chain allow users to configure firewall policies in a way that persists
 // docker operations/restarts. Docker will not delete or modify any pre-existing
 // rules from the DOCKER-USER filter chain.
--- a/components/engine/vendor/github.com/docker/libnetwork/firewall_others.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/firewall_others.go
@ -2,5 +2,5 @@

 package libnetwork

-func arrangeUserFilterRule() {
+func (c *controller) arrangeUserFilterRule() {
 }