Overview
that ipv6 change seems wrong.
shouldnt this change be in the netavark package and not in podman? podman can be run with other CNIs too no?
No, CNI support has been deprecated & disabled with podman 5.0
well even then ... it is not podman which needs this module but netavark.
Podman and netavark both need this module to be loaded, for rootless and rootfull networking respectively. Adding it to netavark, even though technically correct, would be redundant because netavark is only consumed by podman.
actually a further discussion brought up a few more interesting points
- firewalld which is our default firewall solution is using nftables now by default
- the module you try to load there isnt actually used by nftables but by iptables.
- based on https://github.com/containers/netavark/pull/883 it looks like netavark could natively support nftables?
i just had the "fun" of debugging a machine where the main firewall was nftables, but docker in that case was still using iptables. for proper distro integration it would be better if we ensured that podman and netavark are using nftables as well. or at least us the iptables nft backend.
Request History
dancermak created request
Add patch for CVE-2024-9676 (bsc#1231698) (forwarded request 1216334 from danishprakash)
licensedigger accepted review
ok
anag+factory set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
anag+factory staged request
Picked "openSUSE:Factory:Staging:H"
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
darix accepted review
Accepted review for by_group opensuse-review-team request 1216681 from user factory-auto
