ExternalVendorCode/balena-supervisor
1
0
Fork 0
mirror of https://github.com/balena-os/balena-supervisor.git synced 2025-02-22 02:16:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #913 from balena-io/synchronous-iptables

Browse Source 
Run iptables rules synchronous to avoid locking errors
This commit is contained in:
CameronDiver 2019-02-19 18:08:45 +00:00 committed by GitHub
commit 6e603928d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/lib/iptables.ts
View File

@ -7,10 +7,17 @@ export const execAsync: (args: string) => Bluebird<string> = Bluebird.promisify(
); );
function applyIptablesArgs(args: string): Bluebird<void> { function applyIptablesArgs(args: string): Bluebird<void> {
return Bluebird.all([ let err: Error | null = null;
execAsync(`iptables ${args}`), // We want to run both commands regardless, but also rethrow an error
execAsync(`ip6tables ${args}`), // if one of them fails
]).return(); return execAsync(`iptables ${args}`)
.catch(e => (err = e))
.then(() => execAsync(`ip6tables ${args}`).catch(e => (err = e)))
.then(() => {
if (err != null) {
throw err;
}
});
} }
function clearIptablesRule(rule: string): Bluebird<void> { function clearIptablesRule(rule: string): Bluebird<void> {

2
test/06-iptables.spec.coffee
View File

@ -29,7 +29,7 @@ describe 'iptables', ->
it "falls back to blocking the port with DROP if there's no REJECT support", -> it "falls back to blocking the port with DROP if there's no REJECT support", ->
stub(iptables, 'execAsync').callsFake (cmd) -> stub(iptables, 'execAsync').callsFake (cmd) ->
if /REJECT$/.test(cmd) if /REJECT$/.test(cmd)
Promise.reject() Promise.reject(new Error())
else else
Promise.resolve() Promise.resolve()
iptables.rejectOnAllInterfacesExcept(['foo', 'bar'], 42) iptables.rejectOnAllInterfacesExcept(['foo', 'bar'], 42)