-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
common/plugins: replaced sysctl invocation with echo redirect #2789
Conversation
b343bce
to
f26e5a0
Compare
test-me-please |
@joestringer can you take a look at this? it looks like it's failing because of
|
Is |
3883a5f
to
53468c3
Compare
test-me-please |
@joestringer I replicate the |
I just pulled the PR locally and works fine for me. |
common/plugins/add_endpoint.go
Outdated
return nil, nil, fmt.Errorf("unable to open rp_filter configuration file of %s: %s", | ||
lxcIfName, err) | ||
} | ||
std := exec.Command("echo", "0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we just open the file and write 4 zero-bytes directly into it? Then we don't need the additional exec with echo since this is doing the same, but writing 0 in there directly is more robust / less complicated. C equivalent I would just use fd = open(path, O_WRONLY)
to open the procfs file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@borkmann the sysctl command uses the os.O_WRONLY|os.O_CREATE|os.O_TRUNC
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, lets keep it then.
There is also one more dependency on |
53468c3
to
69bc9c7
Compare
test-me-please |
Is this an opportunity to put the various ways we invoke sysctl (and now just echo) into a package? I haven't read the other changes but I'm guessing a lot of it is similar or the same. This would then allow us to do any detection and error reporting in a consistent manner too. |
common/plugins/add_endpoint.go
Outdated
return nil, nil, fmt.Errorf("unable to open rp_filter configuration file of %s: %s", | ||
lxcIfName, err) | ||
} | ||
_, err = f.WriteString("0\n") | ||
if err != nil { | ||
return nil, nil, fmt.Errorf("unable to disable rp_filter on %s: %s", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we just f.Close()
here in case write fails?
69bc9c7
to
d104fad
Compare
test-me-please |
d104fad
to
1c29ce0
Compare
test-me-please |
1c29ce0
to
e5e3b28
Compare
Signed-off-by: André Martins <andre@cilium.io>
e5e3b28
to
fa65102
Compare
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. The last err check in f.Close()
and the omitted one in case of write fail is due to potential EIO when write was not committed yet?
Signed-off-by: André Martins andre@cilium.io
Summary of changes: replaced sysctl invocation with echo redirect