[lxc-devel] [lxd/master] lxd/firewall: Don't create zombies

stgraber on Github lxc-bot at linuxcontainers.org
Wed Mar 11 22:00:08 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200311/69d301f1/attachment.bin>
-------------- next part --------------
From 75008b746cfaf8471db9fe4ce595e2bd6d366048 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 11 Mar 2020 17:45:59 -0400
Subject: [PATCH] lxd/firewall: Don't create zombies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/firewall/drivers/drivers_nftables.go | 2 +-
 lxd/firewall/drivers/drivers_xtables.go  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lxd/firewall/drivers/drivers_nftables.go b/lxd/firewall/drivers/drivers_nftables.go
index 59309820ba..3c8a7d5fbe 100644
--- a/lxd/firewall/drivers/drivers_nftables.go
+++ b/lxd/firewall/drivers/drivers_nftables.go
@@ -96,6 +96,7 @@ func (d Nftables) nftParseRuleset() ([]nftGenericItem, error) {
 	if err != nil {
 		return nil, err
 	}
+	defer cmd.Wait()
 
 	// This only extracts certain generic parts of the ruleset, see man libnftables-json for more info.
 	v := &struct {
@@ -121,7 +122,6 @@ func (d Nftables) nftParseRuleset() ([]nftGenericItem, error) {
 		}
 	}
 
-	cmd.Wait()
 	return items, nil
 }
 
diff --git a/lxd/firewall/drivers/drivers_xtables.go b/lxd/firewall/drivers/drivers_xtables.go
index 1e3a2b741f..dd7ff16635 100644
--- a/lxd/firewall/drivers/drivers_xtables.go
+++ b/lxd/firewall/drivers/drivers_xtables.go
@@ -91,6 +91,7 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
 		if err != nil {
 			return false
 		}
+		defer cmd.Wait()
 
 		scanner := bufio.NewScanner(stdout)
 		for scanner.Scan() {
@@ -101,7 +102,6 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
 				return true
 			}
 		}
-		cmd.Wait()
 	}
 
 	return false
@@ -118,6 +118,7 @@ func (d Xtables) ebtablesInUse() bool {
 	if err != nil {
 		return false
 	}
+	defer cmd.Wait()
 
 	scanner := bufio.NewScanner(stdout)
 	for scanner.Scan() {


More information about the lxc-devel mailing list