Re: ip6tables executable not getting installed in dunfell


Bruce Ashfield
 

On Fri, Oct 15, 2021 at 9:00 AM Fabio Estevam <festevam@denx.de> wrote:

On 15/10/2021 09:49, Fabio Estevam wrote:
On 15/10/2021 01:40, Fabio Estevam wrote:
Hi,

I am running the dunfell branch and I notice
that ip6tables is not getting installed:
After passing 'ipv6' into DISTRO_FEATURES, ip6tables gets installed.

~# podman run hello-world
....
[ 207.201607] cni-podman0: port 1(veth6b661354) entered disabled state
Error: systemd cgroup flag passed, but systemd support for managing
cgroups is not available: OCI runtime error

Does anyone know how to add systemd support for managing cgroups?
I had to add a /etc/containers/libpod.conf file with the following
content:
There's definitely something different in your image composition than
the core-image* (poky based) that are used in much of the (my) regular
testing.

In a systemd based image, you shouldn't need to specify the
cgroup_manager ... crun yes, but that isn't all that common a
configuration.

From my build this morning:

root@qemux86-64:~# podman run hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 2db29710123e done
Copying config feb5d9fea6 done
Writing manifest to image destination
Storing signatures
[ 170.623873] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 170.629244] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.632659] cni-podman0: port 1(vetha3693c5d) entered disabled state
[ 170.633441] device vetha3693c5d entered promiscuous mode
[ 170.634203] cni-podman0: port 1(vetha3693c5d) entered blocking state
[ 170.634938] cni-podman0: port 1(vetha3693c5d) entered forwarding state
[ 170.635725] IPv6: ADDRCONF(NETDEV_CHANGE): cni-podman0: link becomes ready
[ 170.783982] cgroup: cgroup: disabling cgroup2 socket matching due
to net_prio or net_cls activation

Hello from Docker!
This message shows that your installation appears to be working correctly.

<snip>

root@qemux86-64:~# uname -a
Linux qemux86-64 5.14.9-yocto-standard #1 SMP PREEMPT Wed Oct 6
11:28:32 UTC 2021 x86_64 GNU/Linux

----------------

If what you are seeing can be reproduced on master, and your image
definitions are public, I'd be interested in seeing them, so I can
expand the rdepends/requires of podman to make sure it pull in what it
needs.

Bruce


cgroup_manager = "cgroupfs"
runtime = "/usr/bin/crun"

And now podman can run:

@iotgate:~# podman run hello-world
....

Hello from Docker!
This message shows that your installation appears to be working
correctly.
...

Thanks

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-60 Fax: (+49)-8142-66989-80 Email:
festevam@denx.de


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

Join meta-virtualization@lists.yoctoproject.org to automatically receive all group messages.