Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/docker: load more required kernel modules #97677

Merged
merged 1 commit into from Feb 17, 2023
Merged

nixos/docker: load more required kernel modules #97677

merged 1 commit into from Feb 17, 2023

Conversation

ryneeverett
Copy link
Contributor

@ryneeverett ryneeverett commented Sep 10, 2020
edited

Motivation for this change

This builds on #76487.

br_netfilter

When I first added veth it was suggested I add bridge as well. Without
bridge I get the following error message when starting the daemon with
security.lockKernelModules=true:

Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: could not insert 'br_netfilter': Operation not permitted

Therefore if we're going to add bridge we may as well add br_netfilter
as well.

xt_nat

Without xt_nat, docker cannot do dnat with iptables, failing with:

iptables v1.8.4 (legacy): unknown option "--to-destination"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Mic92
Mic92 approved these changes Sep 10, 2020
View reviewed changes
Copy link
Member

@Mic92 Mic92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be also backported.

@Mic92 Mic92 added this to the 20.09 milestone Sep 10, 2020
@FRidh FRidh modified the milestones: 20.09, 21.03 Dec 20, 2020
@stale
Copy link

stale bot commented Jun 18, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 18, 2021
@ryneeverett
nixos/docker: load more required kernel modules
12755ec 
This builds on NixOS#76487.

br_netfilter
------------

When I first added veth it was suggested I add bridge as well. Without
veth I get the following error message when starting the daemon with
security.lockKernelModules=true:

> Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: could not insert 'br_netfilter': Operation not permitted

Therefore if we're going to add bridge we may as well add br_netfilter
as well.

xt_nat
------

Without xt_nat, docker cannot do dnat with iptables, failing with:

> iptables v1.8.4 (legacy): unknown option \"--to-destination\"\nTry `iptables -h' or 'iptables --help' for more information.\n (exit status 2))
@ryneeverett ryneeverett force-pushed the lockkernelmodules-docker-more branch from b42956b to 12755ec Compare June 19, 2021 22:23
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 19, 2021
@stale
Copy link

stale bot commented Jan 8, 2022

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 8, 2022
@Artturin Artturin modified the milestones: 21.05, 23.05 Dec 31, 2022
@stale stale bot removed 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md labels Dec 31, 2022
@SuperSandro2000
Copy link
Member

We want to finally merge this?

@Artturin Artturin merged commit efd1d7e into NixOS:master Feb 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 approved these changes

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
23.05
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ryneeverett @SuperSandro2000 @Mic92 @FRidh @Artturin