From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D7DF51382C5 for ; Sun, 17 May 2020 11:26:15 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 74259E08FC; Sun, 17 May 2020 11:26:09 +0000 (UTC) Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 29187E08EC for ; Sun, 17 May 2020 11:26:08 +0000 (UTC) Received: by mail-wr1-x442.google.com with SMTP id i15so8412687wrx.10 for ; Sun, 17 May 2020 04:26:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:autocrypt:message-id:date:user-agent :mime-version:in-reply-to; bh=kfQ8yrxqe/CJmv7yAldZgI+j6cDvinSSJ35bwpsixhw=; b=KiuG3q0cjfHuCgavg6rOvnNT518rfmWDuCDGDaHp0bdGxxw1mLUnz+qCi24d9vIs/l 5YEynIi1NB6XmJsCLTfulV0Mnyw9L32G88EHqoGoldM8Vemv9e9w7xIWPMfBMSbcQV9h xjMO1bjuLA7/MKJCApPmT8gj5TUtZpM9Ae16OdTUuBjGimy2zqq1HDa74Wh06Khnwn4V 6Xu2LjgyJplhKwwkgeJkMVlGnLPLNG7XAOl3fVrmFHr53t9XQAINaH4eOGoBIlMKKL7k OwQzcfJ4KwExZPXGNQCarOqUBowX7EEqlnX0cRZ8r3NWAYBQbbe3Oe+oRKT0QKQ6pHf4 kUAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:autocrypt:message-id :date:user-agent:mime-version:in-reply-to; bh=kfQ8yrxqe/CJmv7yAldZgI+j6cDvinSSJ35bwpsixhw=; b=NU7JgtXC6EelFZP2dHt4EIjWQ08Jgy5iUMMxrsEmdA2fCfL8/nSkc5p7nuKzhQnMSc WVhO1Nu34UVl0GcF1hz3xoQbFnbJEqx30S7osdlfxYHL4mr/pJtdajA9ICcb9AI5iVB5 9xLakDe5aDNZ3JhWty5xdqqvsX4rYjgCNFfWUkZXTldu+vS/VUX/KSBwwxm1v9DgE38C 1yRh0X0+7ngXDmLEQxnMHOoqO5Ab48u4AZfGx+Q7SZUjZMedyW3UR3UI9tCpciKHAhWk 7eJMVA0Do9SdNW+4tFCCPJYRlwoRoIfo1aBeciRFMJg4UgHDcIu7NBwGrkEL1zX3Wb2o Ugjg== X-Gm-Message-State: AOAM532ucjuB2PDlgCl1ZAoWM93EpQD/59akH1Vff2lQkvGF3jeCNc8Z y340AVepStN+loCdvBHLBYEkCq9bFl8= X-Google-Smtp-Source: ABdhPJwvMNc8dj0KBj9ViCW2/BkN2D0BhLRw0vhwpPYX/RK4S9pHQGX2DMSMnLrUS7aHMTqPm8hVTg== X-Received: by 2002:adf:82c3:: with SMTP id 61mr14711146wrc.326.1589714767207; Sun, 17 May 2020 04:26:07 -0700 (PDT) Received: from [192.168.0.65] (cpc148898-sgyl44-2-0-cust897.18-2.cable.virginm.net. [82.34.183.130]) by smtp.gmail.com with ESMTPSA id q144sm12291725wme.0.2020.05.17.04.26.06 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 17 May 2020 04:26:06 -0700 (PDT) Subject: Re: [gentoo-user] Kernel config for Docker To: gentoo-user@lists.gentoo.org References: <5357792.DvuYhMxLoT@peak> <4243942.LvFx2qVVIh@peak> From: Victor Ivanov Autocrypt: addr=vic.m.ivanov@gmail.com; keydata= mQINBF3g/JMBEAC4yM5z5iFHFBU8Zf92ZRB+6uH3ipSWXBYpP+23cdjXO0CFYnUykGSwzYb4 y0/nL1r5FDiNyciRb00QorIHqgi32yzTxApDEb12Bt0xOp8fbSIgEQcwU63Ig7IxQ4PRT5Wd dXdwvtU2ZntcrtDLaRM7ukjqlistrZQGWfHfuGW/7clD8huRVGywHSxFlkupfwVPzxjTQt1T KUs0zsbl4pmXgXfCtQT1t5I9XgJ3gjsh1k0iHaoTubdJwEhukeTNMOIDQACU17Bw/M0ZB70x TRpweOmXOGvEgX9JJQsNnllfo+Uq9vZ2YARc/T576YPNDbeMT6ili/Td81r7gjYGHF7vHaGr 8nWl6qp1/saqMaIlRrg+cpbmMx/p6NrbunYUq4uG73cYE4vW7IesvPqyFNRpYOpO2k482BJn WjsUlN7WqSMvBSVelxOzAAliieUbVft6YfqrLcm17W0fsxIse3i19u/qYP1eWIzHYNy+4rsr S8MIvHlEdL+2cvyPDzKv57G5Vo1sfBp8tkAcBEbYBVM8YLm6UU5nPFJxhy4Hly0MzYaPfsuy Le4D3VcjdLtXRVqISNnpgIjqnnPNuNcQf2e0olEKyv34I1Xd/th/2OozLdmSzaooyzI1fs1Q wbUC2Tpmi5oxlCXOw3HwJ/V/GhOGYtr9lA2AaouoqGf9xKCZxwARAQABtCZWaWN0b3IgSXZh bm92IDx2aWMubS5pdmFub3ZAZ21haWwuY29tPokCVgQTAQoAQAIbAQUJAeEzgAIeAQIXgAIZ ARYhBIsM+jNKfukNfT85Q22UeoIMUN1ZBQJd4P/nBAsJCAcFFQoJCAsFFgIDAQAACgkQbZR6 ggxQ3VnWYRAAlXiNLrRWlDn5I1sm753dxjaN4Yzlfx3wS1NdLM7/v1A44R3wCEzKOiB9oP6Y OqCJOxDeFnWsFZNVM2NcAvgF7py0Wo9/k2Kj4ZG4LCnrYLHlYI6lks0kqubiIKBdeCMpgR2/ AuU0xjUgtGur/TH6VIL5omA0NK4psPnUe/Lomfim6J18++oROhXoekZ3TkHwdt2aB7Cl1iOf N5scJWvkG+vapmtSN5A3vwFda+Uf1PG8SgZOtlmnlrLGUnvPcUKtcCO6m7dZZPfboY9jusG9 IOCZxrexHYbo0zqSaKoaU0TBqFmVO+9jddqC5japWQnuw5THQ/ehC4UJrWovYEeJtpo8lAsE gP0CImo5p5zM7JmntvXO5N9R3hnX1GQnBU0kKL93uQj6pTeY5S7SSdO8nEKGQzuulB4vRMpS RWlSA+g5Z3NLKnslq1gs9f4mtooGXj/6SShKE+lLVPpPGfkUElhzGfkLMgH/pGRsoFUFDzbG YXDxCxat8v9OCo3hpR9ouKWoxj1jDRoc98AufN22giInaWYtn9CBWfNuamvXlXgk9/oSI9fQ hWBKs0t8xdXsmdFEakrR6DVjuPKGGe9Wm2aRd4rdI8pQanNTW3SmIS5nMvbPJ4f1z5N6joc1 BIcNv4VWz8nZApPpCsw/TZMcqxOkxaDhi1Tgf06LMWIN+6S5Ag0EXeD8tAEQAPWvRL9eauw+ GTBmhmUJ6KY2IjxJi67VEAFar+CZwe8py3UI5CIoZEBjifYEC43hV6i34VrE3CBu6uVmjF69 AeBAd93K1kXvmXcCAaxbzh3xLr7OynR5fc0rliJCtqQ+l1PHbcH8zPcgNX1P57wnXLBrd6H7 p/Zfpn1uVlVwzZG4qtOuT833EbdvFhu1NvYrzwoY4rTgUqeZsNXkaVI9g6fp2GsMV3lHNzI0 TuRfr3ATtkHIvgkr9uLDYiFexu1hzlsVfckTn0XP21CjWOtMB/gbkoue2CGyFcGCstsx0aeY t3JCnWdv93LRNRm30VQmOaxrCBRCCAQWSIzuW8s290iWv7jTZYj1V3QLauHBybUSVhwiqpRq SnGEkFdEnlKMGo2LwodyMRou1iOxP0MSXJCrGdDz2uaPMC6ZrTH8ExZIdmWzpI3bMosAK9A1 0Vnmz2GbmZMFWS1Gkel0adICH5sQiqjRTElv6s35f81B+bft095zfzU72Nur0aj418RKucra WyJIE4sNgkNFTKe+61nw2XcX+n2Tp/qXnctc2FC3Qxjp0I96Ef/dV0OXa1hkwCfiJqRAe7cG EIhazh74y1DjjXyzSNl1CKOmeYjE4tUcjQ0mRPJTkTsarTUYBev4yZtYYQKFsTpPVT2GpL4g /9Rzg1JGPxWJwJCz/QUwNTGXABEBAAGJAjwEGAEKACYWIQSLDPozSn7pDX0/OUNtlHqCDFDd WQUCXeD8tAIbDAUJAeEzgAAKCRBtlHqCDFDdWTTND/9VRrwI13C4UC2tZx0DCVvFKqGsyd7h nfsGMnM1hcOaUUyRUrpaoTYIc59mVuTnIg5b1LuUkvFFm50uq5pK2E9VxtAi3T/qlTIoe3zX pavMMOj67p3+fWp1zz+UBoUvZEzsYtOzhAEsBSEoUxDY5bxrPlj5KGLXm6YjWvlo4jjbwaAk N113TP0koaIWbCvaz+GNVHuZ0/s9lQwydIpbGdpZ4KuDohA7SadJtV6Z9aPYo9sybY5iX/FT 6/0AF2IvBfuiVbLpIgsI/aYEA5ROIHe2DqzWtRUOfydSPUKb+4U+NzgVwpOMAc3p55kv3V3h HSdgnebVPlLLCtRgAVnYAyo99MOAeXcmM2PRn5pSwX/etId4uPXA9N+c08F9vl2cpqg2oGaO jsd4ZFmhd//g7nUpNDzqZ5h7bx7ztgn/srjO2BfOF53HrzjYjDOqE1mUfTTQhIxweW+3+vRo AgDNJgkMHYcDBOabzqwliWEATlY8TBsCi7ATajX1wk8ZP4VvtIHFMjNc//MumZb5VEe/VwmC l1SNCeVioy3Smm76NApPT7EEvrEtoKEeJXKoBJwoErkQkuccEkGpkhuaDupeXcrm4cqknHLB b106Qm69jTl/8xRqLreSxTz/vPxEAFdf1S0XXwXd3RHHi2DBYdQ/dlHzJF5aWtOr+WADz/iT 07V84bkCDQRd4PzOARAAxf3teIWCgoqYmwfEsZgDoXn8LIz8eL93D2LBnW4tikQUESFvF1V7 +BASk8cfbwgq2Rw+M87ITBZWcQ2pRcaImZc0MBP1Yb5TrAd6YuImQfHY2rkdw4B2NI4PCx5i mEdtHF0fAc7kOp0slNHrg3NVKj+1YIz3YMaHnSxPxe3c0kcDRyGdgfpJXsT6XeMqana/QGgR zo/i1NFeOcAVChwD/qCUTSVJcIeFCSah5XXUPrxdeEi8YUl7WlXtb+enOof/2LCz3dYG6vOn Hmn6M+Tw7VowLtC3plg6NmtM+9S3905DBxg2tFYtoE6RfzDmIJOoFZH8CqH920nQmtE7jN7R gcuMV/+RszfyT6q12XAS+/R/no2+MuaEtFKazfP7IYA3KHLsGzxlex3LJKPQLiKSFi68Jbgl yJXskxwCuJN5YLClFlnkVmXuuZ7DVk5dTTnc7eTVSaU09fAy7llz/Iva4KVpH5jxl8qJYdkG WiJkcBJ9Zk+oNhuoKwMc1jOveaRzzfBKU4NGCMYiCxtiGUXfH8EgDryUxcaUE3EmcA/RGUM1 hL81awOOQXR4mzhjyAzakFiJsu+qOv7R8qyl4aJ5ZVk4mDV8f0Ds5DlWngf6gTkl/AsDIuvE 5DpeG3H4IBCHCmjoaWNHouI6DdWkA42GpvFpEkcr6QT8yxceqsD+2ZMAEQEAAYkEcgQYAQoA JhYhBIsM+jNKfukNfT85Q22UeoIMUN1ZBQJd4PzOAhsCBQkB4TOAAkAJEG2UeoIMUN1ZwXQg BBkBCgAdFiEEKFZblUJabdsjGSQvxx0QR+MZjnMFAl3g/M4ACgkQxx0QR+MZjnOHBw//e2BK d+FPZihrgdB1dpBGS5C16v+GxC5VmIQ3ldifxXch+mLE1qQ6b3PINdkQsd1WKZ7fPiHyFoYq 0DA0LZZ4LIBI61MauWO5b7j8OEZR/ik/+dV+hvoxnBnTtVd2eBQoKp2GNBw7GiLmt6jr/uW7 LY2uD+zQgV+L38MfGEkwd4+keZIRR3+jl69/jvGHub9SOKJ07GyfDhaXm83GufXCdw0Wli8f pqLGL06pfmSZFiQ3LtPQqB+X5DpAljbqGV661RZR1DiQa6NlUcqqVRw1pytWN29WzbNyKz3W zu7jeTRd1M+XtBoY6g69cCeu4ITr7nFNyckoKu9djZLIfuaLRYUeWxgM9eYezmz1N1S3Y+E6 QwAaWdajioSZeWvsTJU1rMCTgWlJSQlYog0LlbKskccvVDilV9cE4Wq05r3G7bkt4q/uGuxl jCtJzLp0FewOID9cyMqLKDwQ4LnKKjTtNDX7O4B/SWJSncErFJcVkTQQAQix1FCuXfjFbOmr LCDigES5hiRA3Cge+bhwYn/Q+nQCvF+cE9Ohl0pf4RPZ+78kwKzeavnoUiDJ6Vbgqag/OsdE w2VnxWldmWbtFVGSHh7P7Kqz4NwNyQFasm6jZypE3kV9TbTaGcWQlq1fLRIlWsARvXYAKE/c LaGW0oZNBSm/CpGgXxhmkeyosmggNRQRoA/7BoMl42Sn46DfTMhH0TwptsAAFjX488nBhPQL bqxVzq5yO52CTeRafMmtx873JMlh7u14pP59AqUeYgUqp9Wyg8erLV6CKa4Xll5cj22w9OhH xJ0G8cxPIbZGrc/8/z4Mr6AHfT8DgZ2Ez5siU6IuygM7YTMQjzGGJPqDWcQrf/37NuVd+sFt oj008BxqpBD8kQ7+jV5rR/o6FJ2CGebjouJTaTcPIIdsga0ych1RYiTioh1OPuj34YYf6I+B xqJGCd084m/EdP6zDvJVLDxkOMuMGpVSwWrDQcDWBSd1/AfzQmyC9tsYLoxrFYYDNPXp/QxS LT+yz0T2p2JRuZDMGCyLGRO3YLQATJQgPLkpHrZR5coSliuVeUG68iX/55h/dop613g1rdzI seOkJqSC02DVP7kF2E7QHDMxLpCDnsmomlW7uul/d+yF6oDjCuLSAlngVBVkVwl6NIrcSkuh em9Y0+2X9tAVTAdc0V2Ctt7p6stGEBx7RFEimpwKubXpUQ/OReiTr2IxpMj6o4lFoHKL9heA C3YTpJnOGV00jLPhjOgEqWxLmnRmM8E3wtgLGfItoAjDN8U/qdNVoRpWfFO/rPOEugvT31rE MTVdmb4EJtRvDHLGUQ6JeHMm/ftBJokS2bO8HDjslCXQ02I3wl/rZzbKQisstJwRqVM5TJk= Message-ID: <0bafeb1f-32f7-f5e1-96f3-8df849eacdf0@gmail.com> Date: Sun, 17 May 2020 12:26:02 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <4243942.LvFx2qVVIh@peak> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="tPHe2uqQ18S4mZyATmn5EJZ6jN9TrLoyc" X-Archives-Salt: 0a926f19-cf09-4b6e-a1d9-b2c9fa4318ab X-Archives-Hash: 0c0bc1662ba6356b99ec9aff51e83282 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tPHe2uqQ18S4mZyATmn5EJZ6jN9TrLoyc Content-Type: multipart/mixed; boundary="bpfrDz1arUITa3c9dY41IJEl1J6M2lcZ2" --bpfrDz1arUITa3c9dY41IJEl1J6M2lcZ2 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Andrew makes a good point that, of course, not all options will be relevant to a particular image or use case. The script is aimed to check for "full" compatibility. Having some reported as missing is by no means a deal breaker. Re nftables it's a very valid point as well. I too use nftables instead of iptables and, in general, anything that dares touch my rules I will either disable the option for it to do so or, if that's not possible, swiftly eradicate it off my system with vengeance. I'm not a big fan of how Docker manages netfilter rules so I too tend to disable that from the config and, as Andrew said, it has been slow at adopting nftables. It seems Docker is being developed with primary consideration for stable (read archaic) distributions that have long release cycles. If you use nftables at all - even via other software such as firewalld, etc - Docker may or may not like that. Previously, though admitedly quite a while ago, Docker just loved adding iptables rules in addition to my nftables rules. Needless to say, that quickly became a mess. nftables is _a lot_ easier to manage, even writing rules manually feels a lot more intuitive. So I think the learning curve (at least in terms of syntax) tends to be less steep IMO if you decide to go down that road at some point. Anyway, this probably wasn't a post of high contribution value haha Keep us updated in case you encounter any issues! Cheers, Victor On 17/05/2020 09:31, Peter Humphrey wrote: > On Sunday, 17 May 2020 00:58:54 BST Andrew Udvare wrote: >> On 16/05/2020 13:12, Peter Humphrey wrote: >>> I can't find any of those. Any clues for the uninitiated? >> >> I am running Docker fine on 5.6.12 and I am missing a lot: >=20 > --->8 >=20 >> In regards to NF options, I use nftables and I manage the firewall >> manually for Docker (I set {"iptables": false} in >> /etc/docker/daemon.json). Docker has been extremely slow at adopting >> nftables. >=20 > I'm still pretty much in the dark about setting up nftables and iptable= s in=20 > the kernel config. Not to worry, though; I dare say it'll become cleare= r in=20 > time. >=20 >> You definitely do not need zfs installed to use Docker. This machine >> doesn't have it. >> >> As Victor stated, CFQ is deprecated and gone and BFQ will work fine. A= nd >> the script is basically for Red Hat (or corporate) users who still use= >> iptables, CFQ, ext3 apparently, and a much older kernel. >> >> On my slightly stabler server (running 5.4.38), this is the output and= >> Docker still works fine. Again on that server I use nftables and manag= e >> the firewall manually. The system has ext4 for its root and the rest o= f >> it is ZFS. >=20 > --->8 >=20 > Thanks gents. I'll just try it and see what happens. >=20 --bpfrDz1arUITa3c9dY41IJEl1J6M2lcZ2-- --tPHe2uqQ18S4mZyATmn5EJZ6jN9TrLoyc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKFZblUJabdsjGSQvxx0QR+MZjnMFAl7BH0oACgkQxx0QR+MZ jnOhHBAAsK4U0pm55aco8PSmEb+aVxSdrJd7VQSnJcby7wICYXgi4bsCFDyNVUKC iOcAIgY3F/aYeoCPd/+517ZqSvAg358Jdagn8j3WQGeooz2jsO2FRM+jubSTOszi ib0ygBrTMYbvNKRuA7+5AfLlruHEfZrA1tF8T4U+o4xk730t/SylLS1nKv6vTHKg Hh/CH1DKmtdSBJSjxTzj61Y8priInH7tVJCGGYHSQZNUWmeHMY/mmhPHB4mwvdUp n1bb+JJSR1tuuRAtZ05DUGCsVhFIVgtu7EbleM5vFi/NbZSWviyTV0AK28L1EwDY 2UxZqdft877KClXr4NO5G1hQbkt5Qy55Eqz3HRrq4nfsJ/N9JruHmyQ31heywa83 7nqWpRbIMlN5cFDUjuPgNv9cE1x7Uw0l+2R3SZyyV59et4CE7bDV2ZzArIFax0tL HpL5NozH0Vagx2xiH4qznvVUVY0hahp4bauGT8Z+xW0idP6pJsC4eE5Ae8I2pM8L biaQ9XGyu4IyN7XnD2SX9Q9YCIM/7Md2y9cEwvjTZr0X4gmUhnY4CjuunaGjvhdz SZwBsGdoSPjQtThZ2uSWCc9gqDuuh7Tqan9nIHymm2e7vc7+eAl0AKqJVwwNNpf3 d9o8VsgOygzQ7SAss6p2NZz8bJZDEVh4LsCNBoExiCnx86DxPF0= =qnu2 -----END PGP SIGNATURE----- --tPHe2uqQ18S4mZyATmn5EJZ6jN9TrLoyc--