[PATCH 0/1] Need a way to disable iptables for dockerd.

  • Done
Details
2 participants
  • Alexey Abramov
  • Mathieu Othacehe
Owner
unassigned
Submitted by
Alexey Abramov
Severity
normal

Alexey Abramov wrote 5 years ago
(address . guix-patches@gnu.org)
20200816080616.5529-1-levenson@mmer.org
dockerd enables iptables by default, but if you are using nftables, you need
to disable iptables to make it work properly.

With this patch I want to add a dockerd argument.

Alexey Abramov (1):
services: docker: Add 'enable-iptables?' argument.

gnu/services/docker.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

--
2.27.0
Alexey Abramov wrote 5 years ago
[PATCH 1/1] services: docker: Add 'enable-iptables?' argument.
(address . 42886@debbugs.gnu.org)
20200816080907.6106-1-levenson@mmer.org
* gnu/services/docker.scm (docker-configuration): Define the argument.
* gnu/services/docker.scm (docker-shepherd-service): Use it.

Signed-off-by: Alexey Abramov <levenson@mmer.org>
---
gnu/services/docker.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 937dff7bdb..98d9c4355b 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -56,7 +56,10 @@ loop-back communications.")
"Enable or disable the user-land proxy (enabled by default).")
(debug?
(boolean #f)
- "Enable or disable debug output."))
+ "Enable or disable debug output.")
+ (enable-iptables?
+ (boolean #t)
+ "Enable addition of iptables rules (enabled by default)"))
(define %docker-accounts
(list (user-group (name "docker") (system? #t))))
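Review bot: the docstring of the new `enable-iptables?` field, "Enable addition of iptables rules (enabled by default)", lacks the final period that the neighbouring docstrings carry ("Enable or disable debug output.") and does not say what #f means for the operator. Since the cover letter gives nftables as the reason for turning this off, I would state in the docstring that with #f dockerd adds no iptables rules and the firewall rules for container traffic have to be supplied by the administrator. The diffstat also shows only gnu/services/docker.scm changed, so the new option still needs an entry in the manual.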
@@ -91,6 +94,7 @@ loop-back communications.")
(define (docker-shepherd-service config)
(let* ((docker (docker-configuration-docker config))
(enable-proxy? (docker-configuration-enable-proxy? config))
+ (enable-iptables? (docker-configuration-enable-iptables? config))
(proxy (docker-configuration-proxy config))
(debug? (docker-configuration-debug? config)))
(shepherd-service
@@ -115,7 +119,8 @@ loop-back communications.")
'())
(if #$enable-proxy? "--userland-proxy" "")
"--userland-proxy-path" (string-append #$proxy
- "/bin/proxy"))
+ "/bin/proxy")
+ (if #$enable-iptables? "--iptables" "--iptables=false"))
#:pid-file "/var/run/docker.pid"
#:log-file "/var/log/docker.log"))
(stop #~(make-kill-destructor)))))
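Review bot: in the added `(if #$enable-iptables? "--iptables" "--iptables=false")` line the false branch passes an explicit value, while the context line just above it, `(if #$enable-proxy? "--userland-proxy" "")`, passes an empty string when its option is off, so the two booleans are now handled in two different ways within the same argument list. I would keep the explicit form introduced here and, in this patch or a follow-up, give `enable-proxy?` the same shape so that #f puts an explicit false value on the dockerd command line instead of an empty argument.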
--
2.27.0
Mathieu Othacehe wrote 5 years ago
(name . Alexey Abramov)(address . levenson@mmer.org)(address . 42886-done@debbugs.gnu.org)
87pn7rgddn.fsf@gnu.org
Hello,

> * gnu/services/docker.scm (docker-configuration): Define the argument.
> * gnu/services/docker.scm (docker-shepherd-service): Use it.

I added the corresponding documentation and pushed as
2b68a96422575b14e54c9a7e3d0033f6231a6b4d.

Thanks,

Mathieu
Closed
This issue is archived.