Someday, we'll hopefully support nftables directly and will likely then need some kind of in-container runtime detection (perhaps based on loaded modules or something similar). This updates the related `Dockerfile` comment accordingly (linking to the appropriate `nftables` tracking issue).
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
| ... | ... |
@@ -286,7 +286,8 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ |
| 286 | 286 |
zip |
| 287 | 287 |
|
| 288 | 288 |
|
| 289 |
-# Switch to use iptables instead of nftables (to match the host machine) |
|
| 289 |
+# Switch to use iptables instead of nftables (to match the CI hosts) |
|
| 290 |
+# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824) |
|
| 290 | 291 |
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \ |
| 291 | 292 |
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \ |
| 292 | 293 |
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true |
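Review bot: The `|| true` after each `update-alternatives --set` in the unchanged context (new lines 291-293) makes a failed switch silent, so the reworded comment at new line 289 states an outcome ("to match the CI hosts") that the build does not actually enforce. If one of the `-legacy` alternatives is missing, the image keeps whatever backend it had, and rules written inside the container can land in a different backend than the one the host reads. Consider saying in the comment that the switch is best-effort, or having this step print the selected backend so a mismatch shows up in the build log (`iptables --version` reports `(legacy)` or `(nf_tables)` on iptables 1.8 and later). Separately, narrowing "the host machine" to "the CI hosts" leaves open what a developer running this image on a non-CI host should expect; a few words in the TODO on that case would help until the detection tracked in the linked issue exists.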