From d696eb94e1ed49b1fce8c2da47aedbe9972cbf86 Mon Sep 17 00:00:00 2001
From: Firo Yang <firo.yang@suse.com>
Date: Fri, 16 Apr 2021 12:11:40 +0800
Subject: libebtc: Fix an issue that '--concurrent' doesn't work with NFS

Due to the following commit[1] from kernel, if '/var/lib/ebtables' was
mounted with a NFS filesystem, ebtables command will hit the following
error:
mount | grep nfs
x.x.x.x:/var/lib/ebtables on /var/lib/ebtables type nfs4 [...]
/usr/sbin/ebtables --concurrent -L
Trying to obtain lock /var/lib/ebtables/lock
Trying to obtain lock /var/lib/ebtables/lock
Trying to obtain lock /var/lib/ebtables/lock
Trying to obtain lock /var/lib/ebtables/lock
[...]

In order to fix this problem, add 'O_WRONLY' to match the requirement of
that kernel commit[1].

[1]: 55725513b5ef ("NFSv4: Ensure that we check lock exclusive/shared type against open modes")

Signed-off-by: Firo Yang <firo.yang@suse.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 libebtc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libebtc.c b/libebtc.c
index 1b058ef..112c307 100644
--- a/libebtc.c
+++ b/libebtc.c
@@ -144,7 +144,7 @@ static int lock_file()
 	int fd, try = 0;
 
 retry:
-	fd = open(LOCKFILE, O_CREAT|O_CLOEXEC, 00600);
+	fd = open(LOCKFILE, O_CREAT|O_WRONLY|O_CLOEXEC, 00600);
 	if (fd < 0) {
 		if (try == 1 || mkdir(dirname(pathbuf), 00700))
 			return -2;
-- 
cgit v1.2.3