Dev container: try to load kernel module ip6_tables#47960
Conversation
robmry
added
area/networking
On an nftables host, the ip6_tables kernel module may not be loaded, but it needs to be for dockerd to run (with ip6tables now enabled by default). If ip6tables doesn't work, try the dind official image's trick for loading the module using "ip link show". Signed-off-by: Rob Murray <[email protected]>
robmry
force-pushed
the
dev_container_ip6_tables
branch
from
fbac0e3 to
44d00e3
Compare
|
Would it make sense to put this in a separate file ( In that case, the DIND image could even fetch it together with the DIND script; https://github.com/docker-library/docker/blob/5cfa200f9f2bb4486f046078fe4243d3ed6af593/Dockerfile-dind.template#L80-L81 cc @tianon any thoughts? |
|
Discussed Seb's questions in a maintainers meeting -- we could put it in |
5 participants
- What I did
On an nftables host, the
ip6_tableskernel module may not be loaded, but it needs to be for dockerd to run (withip6tablesnow enabled by default).Related to:
- How I did it
If
ip6tablesdoesn't work, try the dind official image's trick for loading the module usingip link show.- How to verify it
On a Debian 12.5 host, with nftables - dockerd starts in a dev container without this fix (following #47918), but it's not possible to create a
--ipv6network. This change sorts it out.In a dev container on MacOS, it doesn't do anything (as expected).
- Description for the changelog