[systemd-devel] systemd-nspawn trouble
Lennart Poettering
lennart at poettering.net
Wed Apr 22 04:57:29 PDT 2015
On Wed, 22.04.15 13:46, Lennart Poettering (lennart at poettering.net) wrote:
> > I have an nftables based firewall up and running, so maybe networkd is
> > expecting iptables to be in use?
>
> Most likely iptables is compiled as kernel module for you. The module
> cannot be auto-loaded currently, iptables manually loads it for you on
> first invocation, networkd doesn't. If you load it manually (by adding
> it to modules-load.d for example) things should work.
>
> I am not sure how to fix this best. I'd rather not have networkd gain
> support for autoloading kernel modules. Also, it's unlikely to be
> sufficient, given that nspawn can make use of the iptables bits as
> well...
>
> Maybe we should simply list the iptables kernel modules in
> src/core/kmod-setup, and then tell people to blacklist them if they
> really don't want them.

I have made such a change now:

http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d3087978a8ee23107cb64aa55ca97aefe9531e2

Any chance you can check if this makes things work for you?

Lennart

--
Lennart Poettering, Red Hat