Hi Guys,

I was running iptables in different namespaces and got this error: "Another app is currently holding the xtables lock. Perhaps you want to use the -w option?".

After googling it, I found that this enhancement introduced the lock mechanism: "xtables: Add locking to prevent concurrent instances". Based on the commit log, different namespaces should have their own xtables locks. However, based on my test, it looks like different namespaces share the same lock.

The commands below easily reproduce the issue:

    ip netns exec test1 iptables -L -nv -t mangle &
    ip netns exec test2 iptables -L -nv -t mangle &
    ip netns exec test3 iptables -L -nv -t mangle &

I'm wondering, is this expected behavior? Or some kind of bug?

Thanks,
Wenxian