Have a look at this thread: http://patchwork.ozlabs.org/patch/246619/
Seems like a new 'locking' mechanism has been added to xtable recently preventing concurrent access on iptables.
I ran a debug on libvirtd and it could probably be solved by using the -w option in the $IPT command (wherever this is called):
2013-10-29 01:10:53.805+0000: 1457: error : virCommandWait:2348 : internal error: Child process (/bin/sh -c 'IPT="/sbin/iptables"
cmd='\''$IPT -n -L FORWARD'\''
eval res=\$\("${cmd} 2>&1"\)
if [ $? -ne 0 ]; then echo "Failure to execute command '\''${cmd}'\'' : '\''${res}'\''."; exit 1;fi
') unexpected exit status 1: 2013-10-29 01:10:53.799+0000: 2972: debug : virFileClose:90 : Closed fd 21
2013-10-29 01:10:53.799+0000: 2972: debug : virFileClose:90 : Closed fd 23
2013-10-29 01:10:53.799+0000: 2972: debug : virFileClose:90 : Closed fd 19
2013-10-29 01:10:53.805+0000: 1457: debug : virCommandRun:2111 : Result status 0, stdout: 'Failure to execute command '$IPT -n -L FORWARD' : 'Another app is currently holding the xtables lock. Perhaps you want to use the -w option?'.
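
Added example (not part of the comment above and not libvirt code): a small Python triage script that scans libvirtd debug output for failed firewall commands and separates xtables lock contention from other failures, which matters because a rule that failed to apply this way is silently missing. The sample log is constructed in the format of the lines quoted above; the second failure record and the function name `find_failed_firewall_commands` are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the libvirtd debug lines quoted above;
# the second failure record (INPUT chain) is made up for contrast.
SAMPLE_LOG = """\
2013-10-29 01:10:53.799+0000: 2972: debug : virFileClose:90 : Closed fd 19
2013-10-29 01:10:53.805+0000: 1457: debug : virCommandRun:2111 : Result status 0, stdout: 'Failure to execute command '$IPT -n -L FORWARD' : 'Another app is currently holding the xtables lock. Perhaps you want to use the -w option?'.
2013-10-29 01:11:02.120+0000: 1457: debug : virCommandRun:2111 : Result status 0, stdout: 'Failure to execute command '$IPT -n -L INPUT' : 'iptables: No chain/target/match by that name.'.
"""

# "<timestamp>: <thread id>: <level> : <function>:<line> : <message>"
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} [\d:.]+[+-]\d{4}): (?P<thread>\d+): "
    r"(?P<level>\w+) : (?P<func>\w+):\d+ : (?P<msg>.*)$")
# Text echoed by the shell snippet that wraps each firewall command.
FAILURE = re.compile(r"Failure to execute command '(?P<cmd>.+?)' : '(?P<res>.*)'\.")
LOCK_HINT = "holding the xtables lock"


def find_failed_firewall_commands(log_text):
    """Return one dict per failed command, flagging xtables lock contention."""
    findings = []
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec is None:
            continue  # continuation lines of multi-line records are skipped
        fail = FAILURE.search(rec.group("msg"))
        if fail is None:
            continue  # ordinary debug record, not a command failure
        findings.append({
            "time": rec.group("ts"),
            "thread": int(rec.group("thread")),
            "command": fail.group("cmd"),
            "reason": fail.group("res"),
            "lock_contention": LOCK_HINT in fail.group("res"),
        })
    return findings


if __name__ == "__main__":
    for f in find_failed_firewall_commands(SAMPLE_LOG):
        kind = "xtables lock contention" if f["lock_contention"] else "other failure"
        print(f'{f["time"]} thread {f["thread"]}: {f["command"]!r} -> {kind}')
```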