10 Commits (f32b390cf08a9afd9f9899e0d97a90eb162b32a8)

Author	SHA1	Message	Date
Minhan Xia	8de419b19f	expose lock release error from iptables util	2017-07-05 14:31:24 -07:00
Dan Williams	a4624a0e75	util/iptables: fix cross-build failures due to syscall.Flock() ... Fixes: https://github.com/kubernetes/kubernetes/issues/45554	2017-05-14 23:37:52 -05:00
Dan Williams	c7677a4753	util/iptables: grab iptables locks if iptables-restore doesn't support --wait ... When iptables-restore doesn't support --wait (which < 1.6.2 don't), it may conflict with other iptables users on the system, like docker, because it doesn't acquire the iptables lock before changing iptables rules. This causes sporadic docker failures when starting containers. To ensure those don't happen, essentially duplicate the iptables locking logic inside util/iptables when we know iptables-restore doesn't support the --wait option. Unfortunately iptables uses two different locking mechanisms, one until 1.4.x (abstract socket based) and another from 1.6.x (/run/xtables.lock flock() based). We have to grab both locks, because we don't know what version of iptables-restore exists since iptables-restore doesn't have a --version option before 1.6.2. Plus, distros (like RHEL) backport the /run/xtables.lock patch to 1.4.x versions. Related: https://github.com/kubernetes/kubernetes/pull/43575 See also: https://github.com/openshift/origin/pull/13845 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1417234	2017-04-25 14:26:04 -05:00
Mike Danese	a05c3c0efd	autogenerated	2017-04-14 10:40:57 -07:00
deads2k	6a4d5cd7cc	start the apimachinery repo	2017-01-11 09:09:48 -05:00
Jeff Grafton	20d221f75c	Enable auto-generating sources rules	2017-01-05 14:14:13 -08:00
Mike Danese	161c391f44	autogenerated	2016-12-29 13:04:10 -08:00
Dan Winship	d95181fa1e	Port iptables code to pkg/util/version, don't use semvers	2016-12-13 08:53:04 -05:00
Mike Danese	c87de85347	autoupdate BUILD files	2016-12-12 13:30:07 -08:00
Mike Danese	3b6a067afc	autogenerated	2016-10-21 17:32:32 -07:00