From 795bec8038c948fd0179452ecb70f7eccea472a7 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sun, 16 May 2021 08:27:45 +0200 Subject: [PATCH] firewall: start watches before initial load This should avoid a race condition where we miss an update to QubesDB that happens right after the initial load, but before the watch start. Instead, we might now install the same stuff twice - but that's no problem. --- qubesagent/firewall.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qubesagent/firewall.py b/qubesagent/firewall.py index a9aa998..7a5ffc0 100755 --- a/qubesagent/firewall.py +++ b/qubesagent/firewall.py @@ -211,14 +211,14 @@ class FirewallWorker(object): self.run_firewall_dir() self.run_user_script() self.sd_notify('READY=1') + self.qdb.watch('/qubes-firewall/') + self.qdb.watch('/connected-ips') + self.qdb.watch('/connected-ips6') # initial load for source_addr in self.list_targets(): self.handle_addr(source_addr) self.update_connected_ips(4) self.update_connected_ips(6) - self.qdb.watch('/qubes-firewall/') - self.qdb.watch('/connected-ips') - self.qdb.watch('/connected-ips6') try: for watch_path in iter(self.qdb.read_watch, None): if watch_path == '/connected-ips':