From b7d8d66bb1b390cfef0710d1285213bb4295f997 Mon Sep 17 00:00:00 2001 From: Rudd-O Date: Wed, 12 Oct 2016 15:19:46 +0000 Subject: [PATCH] Eliminate race condition with qubes-setup-dnat-to-ns qubes-setup-dnat-to-ns is called multiple times during boot. Of particular interest are the two invocations done by: 1. `/usr/lib/qubes/init/network-proxy.setup.sh` (`qubes-network.service`) 2. `/usr/lib/qubes/init/misc-post.sh` (`qubes-misc-post.service`) These can, and do often, run in parallel. Often enough that the `PR-QBS` `nat` chain can end up with eight rules instead of four, or (worse) zero rules. This commit represents the proper boot ordering of these services, where the post startup *must* happen after Qubes has already started its iptables, firewall, network setup and netwatcher. This eliminates the race. --- vm-systemd/qubes-misc-post.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vm-systemd/qubes-misc-post.service b/vm-systemd/qubes-misc-post.service index 5cc9819..ccc98e6 100644 --- a/vm-systemd/qubes-misc-post.service +++ b/vm-systemd/qubes-misc-post.service @@ -1,6 +1,6 @@ [Unit] Description=Qubes misc post-boot actions -After=network-pre.target qubes-dvm.service qubes-mount-dirs.service +After=network-pre.target qubes-dvm.service qubes-mount-dirs.service qubes-network.service qubes-firewall.service qubes-netwatcher.service [Service] Type=oneshot
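Review bot: on the changed `After=` line in `[Unit]`, ordering alone closes the race only if `qubes-network.service` is `Type=oneshot` (or otherwise reports ready only after `network-proxy.setup.sh` has finished), because systemd releases an `After=` dependency as soon as it considers the other unit started; that unit file is not in this diff, so please confirm its type. `After=` also adds no `Wants=` or `Requires=`, which looks intended if the three added units are not enabled in every VM, but a one-line comment in the unit saying so would help the next reader. The commit message says `qubes-setup-dnat-to-ns` is called multiple times during boot and names only two of the callers, so consider additionally making the script itself safe against concurrent runs (for example a lock around the `PR-QBS` chain update), so the eight-rule or zero-rule outcome cannot come back through another caller.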