Merge pull request #404 from thaJeztah/19.03_revert_iptables_check2
[19.03 backport] revert controller: Check if IPTables is enabled for arrangeUserFilterRule ENGCORE-1114
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index 1a0086f..26bf89a 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly
-LIBNETWORK_COMMIT=45c710223c5fbf04dc3028b9a90b51892e36ca7f
+LIBNETWORK_COMMIT=3eb39382bfa6a3c42f83674ab080ae13b0e34e5d # bump_19.03 branch
install_proxy() {
case "$1" in
diff --git a/vendor.conf b/vendor.conf
index 2942c3a..3c05d45 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -38,7 +38,7 @@
# libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork 45c710223c5fbf04dc3028b9a90b51892e36ca7f
+github.com/docker/libnetwork 3eb39382bfa6a3c42f83674ab080ae13b0e34e5d # bump_19.03 branch
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/firewall_linux.go b/vendor/github.com/docker/libnetwork/firewall_linux.go
index d27f60c..54f9621 100644
--- a/vendor/github.com/docker/libnetwork/firewall_linux.go
+++ b/vendor/github.com/docker/libnetwork/firewall_linux.go
@@ -2,7 +2,6 @@
import (
"github.com/docker/libnetwork/iptables"
- "github.com/docker/libnetwork/netlabel"
"github.com/sirupsen/logrus"
)
@@ -10,44 +9,15 @@
func (c *controller) arrangeUserFilterRule() {
c.Lock()
-
- if c.hasIPTablesEnabled() {
- arrangeUserFilterRule()
- }
-
+ arrangeUserFilterRule()
c.Unlock()
-
iptables.OnReloaded(func() {
c.Lock()
-
- if c.hasIPTablesEnabled() {
- arrangeUserFilterRule()
- }
-
+ arrangeUserFilterRule()
c.Unlock()
})
}
-func (c *controller) hasIPTablesEnabled() bool {
- // Locking c should be handled in the calling method.
- if c.cfg == nil || c.cfg.Daemon.DriverCfg[netlabel.GenericData] == nil {
- return false
- }
-
- genericData, ok := c.cfg.Daemon.DriverCfg[netlabel.GenericData]
- if !ok {
- return false
- }
-
- optMap := genericData.(map[string]interface{})
- enabled, ok := optMap["EnableIPTables"].(bool)
- if !ok {
- return false
- }
-
- return enabled
-}
-
// This chain allow users to configure firewall policies in a way that persists
// docker operations/restarts. Docker will not delete or modify any pre-existing
// rules from the DOCKER-USER filter chain.