Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewall: start watches before initial load

Browse Source 
This should avoid a race condition where we miss an update to QubesDB
that happens right after the initial load, but before the watch start.

Instead, we might now install the same stuff twice - but that's no
problem.
This commit is contained in:
3hhh 2021-05-16 08:27:45 +02:00
parent adfe982bfd
commit 795bec8038
No known key found for this signature in database
GPG Key ID: EB03A691DB2F0833
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
qubesagent/firewall.py
View File

@ -211,14 +211,14 @@ class FirewallWorker(object):
self.run_firewall_dir() self.run_firewall_dir()
self.run_user_script() self.run_user_script()
self.sd_notify('READY=1') self.sd_notify('READY=1')
self.qdb.watch('/qubes-firewall/')
self.qdb.watch('/connected-ips')
self.qdb.watch('/connected-ips6')
# initial load # initial load
for source_addr in self.list_targets(): for source_addr in self.list_targets():
self.handle_addr(source_addr) self.handle_addr(source_addr)
self.update_connected_ips(4) self.update_connected_ips(4)
self.update_connected_ips(6) self.update_connected_ips(6)
self.qdb.watch('/qubes-firewall/')
self.qdb.watch('/connected-ips')
self.qdb.watch('/connected-ips6')
try: try:
for watch_path in iter(self.qdb.read_watch, None): for watch_path in iter(self.qdb.read_watch, None):
if watch_path == '/connected-ips': if watch_path == '/connected-ips':