* dunfell/5.8.x kernel/Docker version 19.03.8-ce
@ 2020-10-08 14:35 Robert Berger
2020-10-08 15:00 ` [meta-virtualization] " Maciej Pijanowski
0 siblings, 1 reply; 6+ messages in thread
From: Robert Berger @ 2020-10-08 14:35 UTC (permalink / raw)
To: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 204 bytes --]
Hi,
It looks like with a 5.8.x kernel docker is not happy anymore with iptables and kills the socket.
https://pastebin.com/U702eC9G
Are there any suggested fixes for this?
Regards,
Robert
[-- Attachment #2: Type: text/html, Size: 357 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization] dunfell/5.8.x kernel/Docker version 19.03.8-ce
2020-10-08 14:35 dunfell/5.8.x kernel/Docker version 19.03.8-ce Robert Berger
@ 2020-10-08 15:00 ` Maciej Pijanowski
2020-10-08 15:13 ` Bruce Ashfield
[not found] ` <163C0D2B0E77C0DC.4412@lists.yoctoproject.org>
0 siblings, 2 replies; 6+ messages in thread
From: Maciej Pijanowski @ 2020-10-08 15:00 UTC (permalink / raw)
To: Robert Berger, meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 465 bytes --]
On 08.10.2020 16:35, Robert Berger wrote:
> Hi,
>
> It looks like with a 5.8.x kernel docker is not happy anymore with
> iptables and kills the socket.
>
> https://pastebin.com/U702eC9G
>
> Are there any suggested fixes for this?
The kernel-module-xt-masquerade is missing.
Docker could RRECOMMENDS on it.
>
> Regards,
>
> Robert
>
>
>
--
Maciej Pijanowski
Embedded Systems Engineer
GPG: 9963C36AAC3B2B46
https://3mdeb.com | @3mdeb_com
[-- Attachment #2: Type: text/html, Size: 1529 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization] dunfell/5.8.x kernel/Docker version 19.03.8-ce
2020-10-08 15:00 ` [meta-virtualization] " Maciej Pijanowski
@ 2020-10-08 15:13 ` Bruce Ashfield
[not found] ` <163C0D2B0E77C0DC.4412@lists.yoctoproject.org>
1 sibling, 0 replies; 6+ messages in thread
From: Bruce Ashfield @ 2020-10-08 15:13 UTC (permalink / raw)
To: Maciej Pijanowski; +Cc: Robert Berger, meta-virtualization
On Thu, Oct 8, 2020 at 11:00 AM Maciej Pijanowski
<maciej.pijanowski@3mdeb.com> wrote:
>
>
> On 08.10.2020 16:35, Robert Berger wrote:
>
> Hi,
>
> It looks like with a 5.8.x kernel docker is not happy anymore with iptables and kills the socket.
>
> https://pastebin.com/U702eC9G
>
> Are there any suggested fixes for this?
>
> The kernel-module-xt-masquerade is missing.
> Docker could RRECOMMENDS on it.
Indeed.
And I have some other 5.8 related changes that I'm finishing up now,
so I'll take care of adjusting to the 5.8+ kernel
Bruce
>
>
> Regards,
>
> Robert
>
>
> --
> Maciej Pijanowski
> Embedded Systems Engineer
> GPG: 9963C36AAC3B2B46
> https://3mdeb.com | @3mdeb_com
>
>
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization] dunfell/5.8.x kernel/Docker version 19.03.8-ce
[not found] ` <163C0D2B0E77C0DC.4412@lists.yoctoproject.org>
@ 2020-10-08 22:07 ` Bruce Ashfield
2020-10-09 10:10 ` Robert Berger
0 siblings, 1 reply; 6+ messages in thread
From: Bruce Ashfield @ 2020-10-08 22:07 UTC (permalink / raw)
To: Bruce Ashfield; +Cc: Maciej Pijanowski, Robert Berger, meta-virtualization
On Thu, Oct 8, 2020 at 11:14 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@lists.yoctoproject.org> wrote:
>
> On Thu, Oct 8, 2020 at 11:00 AM Maciej Pijanowski
> <maciej.pijanowski@3mdeb.com> wrote:
> >
> >
> > On 08.10.2020 16:35, Robert Berger wrote:
> >
> > Hi,
> >
> > It looks like with a 5.8.x kernel docker is not happy anymore with iptables and kills the socket.
> >
> > https://pastebin.com/U702eC9G
> >
> > Are there any suggested fixes for this?
> >
> > The kernel-module-xt-masquerade is missing.
> > Docker could RRECOMMENDS on it.
>
> Indeed.
>
> And I have some other 5.8 related changes that I'm finishing up now,
> so I'll take care of adjusting to the 5.8+ kernel
>
FYI. If you were using the meta-virt fragments (as I hope you were!
;), then it was something I did to fix the rpi layer that broke things
.. and hence why the required modules weren't around.
I'm doing some final testing now, but will push the fix shortly:
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
[ 232.159559] docker0: port 1(veth7ec1de8) entered blocking state
[ 232.160750] docker0: port 1(veth7ec1de8) entered disabled state
[ 232.163205] device veth7ec1de8 entered promiscuous mode
[ 233.006297] cgroup: cgroup: disabling cgroup2 socket matching due
to net_prio or net_cls activation
[ 233.171969] eth0: renamed from veth7019cad
[ 233.173600] IPv6: ADDRCONF(NETDEV_CHANGE): veth7ec1de8: link becomes ready
[ 233.174232] docker0: port 1(veth7ec1de8) entered blocking state
[ 233.174788] docker0: port 1(veth7ec1de8) entered forwarding state
[ 233.175386] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
/ # [ 235.534743] docker0: port 1(veth7ec1de8) entered disabled state
[ 235.536828] veth7019cad: renamed from eth0
[ 235.621760] docker0: port 1(veth7ec1de8) entered disabled state
[ 235.625189] device veth7ec1de8 left promiscuous mode
[ 235.625667] docker0: port 1(veth7ec1de8) entered disabled state
root@qemux86-64:~# uname -a
Linux qemux86-64 5.8.13-yocto-standard #1 SMP PREEMPT Tue Oct 6
12:23:29 UTC 2020 x86_64 GNU/Linux
Bruce
> Bruce
>
> >
> >
> > Regards,
> >
> > Robert
> >
> >
> > --
> > Maciej Pijanowski
> > Embedded Systems Engineer
> > GPG: 9963C36AAC3B2B46
> > https://3mdeb.com | @3mdeb_com
> >
> >
> >
> >
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization] dunfell/5.8.x kernel/Docker version 19.03.8-ce
2020-10-08 22:07 ` Bruce Ashfield
@ 2020-10-09 10:10 ` Robert Berger
2020-10-09 13:05 ` Bruce Ashfield
0 siblings, 1 reply; 6+ messages in thread
From: Robert Berger @ 2020-10-09 10:10 UTC (permalink / raw)
To: Bruce Ashfield; +Cc: Maciej Pijanowski, meta-virtualization
Hi,
Thanks for the quick reply - I'll give it a try!
On 09/10/2020 01:07, Bruce Ashfield wrote:
>
> FYI. If you were using the meta-virt fragments (as I hope you were!
> ;), then it was something I did to fix the rpi layer that broke things
> .. and hence why the required modules weren't around.
>
You mean those in the meta-virt layer?
I am using those, but I guess with my meta-virt is too old - dunfell
something.
Also I have my own custom kernel recipe and don't use the one from
meta-virt.
So basically what is do is apply kernel fragments from meta-virt (and
some others) on top of some kind of upstream 5.8.x kernel.[1]
[1]
https://gitlab.com/meta-layers/meta-raspberrypi-ml-bsp/-/blob/dunfell/recipes-kernel/linux/config/arm64-ml-base/ktypes/virt/virt.scc
The same fragments work for a 5.4.x kernel.
Regards,
Robert
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization] dunfell/5.8.x kernel/Docker version 19.03.8-ce
2020-10-09 10:10 ` Robert Berger
@ 2020-10-09 13:05 ` Bruce Ashfield
0 siblings, 0 replies; 6+ messages in thread
From: Bruce Ashfield @ 2020-10-09 13:05 UTC (permalink / raw)
To: Robert Berger@yocto.user; +Cc: Maciej Pijanowski, meta-virtualization
On Fri, Oct 9, 2020 at 6:10 AM Robert Berger@yocto.user
<robert.berger.yocto.user@gmail.com> wrote:
>
> Hi,
>
> Thanks for the quick reply - I'll give it a try!
>
> On 09/10/2020 01:07, Bruce Ashfield wrote:
> >
> > FYI. If you were using the meta-virt fragments (as I hope you were!
> > ;), then it was something I did to fix the rpi layer that broke things
> > .. and hence why the required modules weren't around.
> >
>
> You mean those in the meta-virt layer?
>
> I am using those, but I guess with my meta-virt is too old - dunfell
> something.
Aha. Right, I missed that. I wouldn't have broken dunfell, but I can
confirm that with the right modules loaded, docker works fine with a
yocto built 5.8
Bruce
>
> Also I have my own custom kernel recipe and don't use the one from
> meta-virt.
>
> So basically what is do is apply kernel fragments from meta-virt (and
> some others) on top of some kind of upstream 5.8.x kernel.[1]
>
> [1]
> https://gitlab.com/meta-layers/meta-raspberrypi-ml-bsp/-/blob/dunfell/recipes-kernel/linux/config/arm64-ml-base/ktypes/virt/virt.scc
>
> The same fragments work for a 5.4.x kernel.
>
> Regards,
>
> Robert
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-09 13:05 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-08 14:35 dunfell/5.8.x kernel/Docker version 19.03.8-ce Robert Berger
2020-10-08 15:00 ` [meta-virtualization] " Maciej Pijanowski
2020-10-08 15:13 ` Bruce Ashfield
[not found] ` <163C0D2B0E77C0DC.4412@lists.yoctoproject.org>
2020-10-08 22:07 ` Bruce Ashfield
2020-10-09 10:10 ` Robert Berger
2020-10-09 13:05 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.