From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E32271381F3 for ; Sat, 16 May 2020 23:59:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A40FFE091B; Sat, 16 May 2020 23:58:59 +0000 (UTC) Received: from mail-vk1-xa34.google.com (mail-vk1-xa34.google.com [IPv6:2607:f8b0:4864:20::a34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0B6EAE08C9 for ; Sat, 16 May 2020 23:58:58 +0000 (UTC) Received: by mail-vk1-xa34.google.com with SMTP id p7so1537791vkf.5 for ; Sat, 16 May 2020 16:58:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:autocrypt:subject:message-id:date:user-agent :mime-version:in-reply-to; bh=UuPDhrWrOlzn4RKgsy4Ce6gA1x9t3Z8Ov4Ejm7lkW9Q=; b=QOOYZlB08G4kXQeYfx3p7urNkFTckZgMeQjwLDcZtLSxjapua6QtvOHON/UDG3RrSM KcJgHVCYBu5tqmjVBD7Bw/YPvyHOZpk8AFl5xHoI4FgB2zKBiPB4wGZpq9t/wHTKDUFw 1rXNn/7M8RT/a8qPXLLqzMylWrPZgXnPE9NCdtIYHMz/DcLV7v8+KX7bzIDxaWNRbV3b dXgTqxlwgsnimTTjxthrWc5Th/HQGYAF2sXcJNfjR/TfJmUA+SknvZBmPnIs2lCXpI2A vzaKjf+y0TKoKDagCTQw4nOgkztzgBRom6wdjYFWKJ8KNIs4Um0Wr4sANdgfSx9NhRPE 6ujQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:autocrypt:subject:message-id :date:user-agent:mime-version:in-reply-to; bh=UuPDhrWrOlzn4RKgsy4Ce6gA1x9t3Z8Ov4Ejm7lkW9Q=; b=G3NCdME87L8PchrCY3fJBK925Pu6K4hwVJv9L3xjuPLk1yLle8dgM7TC2NDhiRZXqt Kb6lxmhkT6oJi4UAAPhsykxBYcJji7bfVz9+zaaiGSbJL4QkuRD8GulkM+WKwTb0GwuD CX7YR912y3QngzIL1i+tdO6t5IPTKBqZRR6g0QIJ5LXpA3R4FRueaqsFUdQR8csNlm7r L83XvtORNId6zKGl4GBu+/7IWflcoG65C081bHc/xHfQkJvDGsgBPAhkULBqKa1UR174 RbYzfBhL2PApQr20BnqgR+tKLGZAOgkrTld6TYWk5vOjrJSJKYMCQDNLcuQFd+vTHryR u/OA== X-Gm-Message-State: AOAM530b8H+0pws44Ds5M8B9OHobFVTFEyxB5BW5XAyslidj+v8F/7+8 4oUXEjk4f2eYeLoRuY2KWMRPpFL7wHU= X-Google-Smtp-Source: ABdhPJzGO9UZtNEeXfEvTfy1+74QGATFV2itFyVhdFWkjaL1L7U5PeZyMLXRP4gUiHLspR6LvJqXUQ== X-Received: by 2002:a1f:284c:: with SMTP id o73mr967260vko.82.1589673537545; Sat, 16 May 2020 16:58:57 -0700 (PDT) Received: from ?IPv6:2602:43:e8b2:ed02:aca6:ed12:9cab:20fd? ([2602:43:e8b2:ed02:aca6:ed12:9cab:20fd]) by smtp.gmail.com with ESMTPSA id 66sm1596947vss.16.2020.05.16.16.58.55 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 16 May 2020 16:58:56 -0700 (PDT) To: gentoo-user@lists.gentoo.org References: <5357792.DvuYhMxLoT@peak> From: Andrew Udvare Autocrypt: addr=audvare@gmail.com; keydata= mQINBFOdSyUBEAChmGHO21xk44a8sZTjAMK2G6NZpson6ekB6sGriYgFApDAEQGvnd5btdRH aObx8whfPb+NB2QshEKyBsRTtpwSfePuMzcNEYFVJGiuOH2EGx73zRmydpZxetBJaba3oWMY ivZ7MhoNsBO1bEYvyrmtXJBrotnMfMAH4HDIkRwEES4KtGXpNK6rVCXFiRNtwqaqeOmGPzEG soESrmi3hAFm4QUB0KAsvdQ49siFbZFZFNbVGAv1wqQa6xrTaNK3sw3rsRmj45wsMY/agWZC M6Jh9X9R2OMFV2ypqLCOOMF31Jiv/wV7i739EE8F9u2rCITa/ATC+0+9Lr22rcKudrkkY4Wg CMaKkmm619Edd5arDPo8GCCTqKNQjArvcl5jQHyxMsmiSFKG1MlhoFSeVCC/c0ScvEeziErn AuEvs9vjiNWwHN8+mXJMULi999Pqu85itjDc7OgyUSXY2ZvuDBimxOEN07Tfy4aoVov7Ulls l23XvRoHSD1h2SfJTqEJTu88s5P6TVgpszcaFpxuC8KS6guwW6s7SMkG4ujAdlowx0+MKs2Q /wiNYT4XcNmF8XBTrEgiIfVewxKgfthAWUCHNEJFrZpvruJxt31YuGPPp8CkhxxHTYMsyRpO 7RcRYGGNsgzXxLMX5zqbjqdUtns4p+6DKd4lhmYMcybOxb+ypwARAQABtCFBbmRyZXcgVWR2 YXJlIDxhdWR2YXJlQGdtYWlsLmNvbT6JAlMEEwEKAD0CGwMHCwkIBwMCAQYVCAIJCgsEFgID AQIeAQIXgAIZARYhBGCvdPOI709JMcCOOBr9mvwSDCbdBQJbJxjGAAoJEBr9mvwSDCbdH3wP +wcFbqwkmbusNdIpjjWEKlPj1spnU3oGr9ikByJUg5qKHDSwlCIaZAVqbIh0SD1DZvAami1P LUh0684MTf6HKs/+EPiy/7GqWpXihXw1wSawnPqmCqC91Vtd1+peXyMZCi7dx8PH/SSpnLmm jxtbMmn/qesxpTms+qEc+gksfu5F9mQ2RS1sazTCIf7eBgdNgq/beykXa8lZU9Ek9NjbG1pk Sq9hXgA/AUlaAFAXX80dvNkCYvVrgq8ucdfcbvESudBDr8Nt6eXeWOcwTYvJ2h7jetavqpZz rCu7SbL2tmVnj0uBgpkmdmOudU5OMw3M5f/y4PhnXGuwu4su43NRP7gyOVmItc36HEXSXwM8 tMbiHV/Rv1FdNxqf7OfKOimlYp8Psu7Ntd62byxuvyLSie4EUNBj0StxaNHUQ1FCiG7si4jE 2szWoRRUQDpPLe0PYfJQsCF7YXoEfrjUVRqqTGpDWovZ5SLlFx6TZpGSyYQBgJxfWXor/mcM i+nSfTUKFCFVNJObadpppgHVrT1HUGLy20dq3CLNwG8mAvYRMAUS51Q7ssIn/Rrd/ManSNa8 eDzfxSWD5L3gdYfluJeaaT9gCz/v7Q2wt80+Bpz1shDzqC524YAGtXhLJ680z9z8wpJwfr8p KD+3AA7Z5P9Z/e3jzdAXm7j3AXiLDJLgoRFRuQINBFOdSyUBEADHokxkZ4FwDIqyf1ZULG/b vwEvK4UWqP0QmUTSHBdd+bgPWFT4YvUurFftgZaYay1GJaOPjYTy6+oeYFwIrb8RqKhcAR9l 4+U4MSlZniuxc1l8xVDUdX0zw6rP/L9wsDdW2lmnlNuOD7ZybwekeBp5N4on317r4TuetdFV IEDT+LrtJFl5FYU76Ru9l6g3M3HkLWFYocwsgyyAS7dZHXS4KXDZ96H9a9IVtxTh/XAJl/7x 395A0Nvjp8+cYvYm+pravw8ByF1UJ4PfqIMkwV8YwvCt185kvQXrBBgooozk4ryuSFzGlTkA jtrhJxnIZfzIaahyCd1ju/zbxmIwY5nfZVnCX4+dM9t7ei5iUZ1Qxhkf6Tl8gRwoKrKjjEay x7S5ob5Du3tOeyFInuOEjxtIRYcplCSy1Qb3jcGDF5osXugVxaxfwOJi1hRu1ntFHy7J3ibX cfYuBaruzT8OP9DVLWCyS/D8JQJ7PiRkMiNiITDilzK0hZo2i6oA0R7WNnqypeaZq+avQpAt rVwkK1wZApfxwjmBSngM6VTGCzOefvE8PNCd55UmT9tkByZq5iknCWF7rbie1wD6s9x5bwLX uK0Es5UV4lBOa4aSyW5hhFe0OFwflrVpKYC56yopHyUFVhx4BA31MsVNNmb0JUfZJ+blDhsP +ll+P8BzqF13tQARAQABiQI2BBgBAgAgAhsMFiEEYK9084jvT0kxwI44Gv2a/BIMJt0FAlsi aocACgkQGv2a/BIMJt3rcw/+Ku0d1/IAz4l+3wy6inDz/0bNBO7V7tXPydVgZOe1LwbCwMuk SN+rq9qhgCAM+A/5lwdRcmIlfbGTy9AyFc19p8yiIgksR0t0i8gqbu4Xs+RrQcFmZurBXoFc s28gOZI2/t5Tj455dET2amLZ2aiTDaYBbqxZa9vfS5alfWsnvd4fjW4Kr1rEstTFdfubCX/N BYsSiXSzfGkLgOjuiLDBA3TYtaTTNPC3mx8wC9wq80aF2xiZoGeUW2ecrBohmksgdgkcqqGk iG0cRDZX5O+h1RJ2gZu90MXIThxJmi0ne1c+oGpZfRkNSteDK/mFeK7RJTb9XrBiZuWOIjf7 dpMoQfGN4yjEqOvedFZeg6jE6wZiEzdCIwOJkf/uOtr2Ohd18hek4evdMzGzUVv4JzA/l8pg 9tIHf7d/7Am0aAbSMXv+TECKxLHDoOI7KQL/flgTy1Vdw4q/WJB8yirhoSng5XgrB1A3W8Fo 8m/G/Il9R5VGTPTMn4xe+UbMCBbLqoNfr5p3KWqSgqLQkP0YSt4G/Rcw5mJnbgGyw9UAM5wT PDT/BYzFQzmsk6467hsTjMBK3ka0VjKAJQ/AMfUgY9cLp4M/agkxDb0cKagvy0mf8argIgM0 005cauU1nTb0v+L9S9sDcVvHOjRVDBR9mRzRpoxbGiAcBObVqtMByta0tuA= Subject: Re: [gentoo-user] Kernel config for Docker Message-ID: Date: Sat, 16 May 2020 19:58:54 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <5357792.DvuYhMxLoT@peak> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="kzwX4ja9RihC7YDUptrCocx0DHBuvbqJZ" X-Archives-Salt: 3f6bb58e-3120-4f65-b11e-4a6257c04e1c X-Archives-Hash: 7a8a56d5512d6511eb4d2a7fd0fbadb4 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --kzwX4ja9RihC7YDUptrCocx0DHBuvbqJZ Content-Type: multipart/mixed; boundary="9a8FO0g1742xw1qttp5H4s3vFyhsLQm9V"; protected-headers="v1" From: Andrew Udvare To: gentoo-user@lists.gentoo.org Message-ID: Subject: Re: [gentoo-user] Kernel config for Docker References: <5357792.DvuYhMxLoT@peak> In-Reply-To: <5357792.DvuYhMxLoT@peak> --9a8FO0g1742xw1qttp5H4s3vFyhsLQm9V Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 16/05/2020 13:12, Peter Humphrey wrote: > I can't find any of those. Any clues for the uninitiated? I am running Docker fine on 5.6.12 and I am missing a lot: - CONFIG_NF_NAT_IPV4: missing - CONFIG_IP_NF_FILTER: missing - CONFIG_IP_NF_TARGET_MASQUERADE: missing - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: missing - CONFIG_NETFILTER_XT_MATCH_IPVS: missing - CONFIG_IP_NF_NAT: missing - CONFIG_NF_NAT_NEEDED: missing - CONFIG_IOSCHED_CFQ: missing - CONFIG_CFQ_GROUP_IOSCHED: missing - CONFIG_IP_NF_TARGET_REDIRECT: missing - CONFIG_EXT3_FS_XATTR: missing - CONFIG_INET_XFRM_MODE_TRANSPORT: missing - CONFIG_NF_NAT_FTP: missing - CONFIG_NF_CONNTRACK_FTP: missing - CONFIG_NF_NAT_TFTP: missing - CONFIG_NF_CONNTRACK_TFTP: missing - CONFIG_AUFS_FS: missing - CONFIG_BTRFS_FS: missing - CONFIG_BTRFS_FS_POSIX_ACL: missing - /dev/zfs: missing - zfs command: missing - zpool command: missing In regards to NF options, I use nftables and I manage the firewall manually for Docker (I set {"iptables": false} in /etc/docker/daemon.json). Docker has been extremely slow at adopting nftables. You definitely do not need zfs installed to use Docker. This machine doesn't have it. As Victor stated, CFQ is deprecated and gone and BFQ will work fine. And the script is basically for Red Hat (or corporate) users who still use iptables, CFQ, ext3 apparently, and a much older kernel. On my slightly stabler server (running 5.4.38), this is the output and Docker still works fine. Again on that server I use nftables and manage the firewall manually. The system has ext4 for its root and the rest of it is ZFS. - CONFIG_BRIDGE_NETFILTER: missing - CONFIG_NF_NAT_IPV4: missing - CONFIG_IP_NF_FILTER: missing - CONFIG_IP_NF_TARGET_MASQUERADE: missing - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: missing - CONFIG_NETFILTER_XT_MATCH_IPVS: missing - CONFIG_IP_NF_NAT: missing - CONFIG_NF_NAT_NEEDED: missing - CONFIG_IOSCHED_CFQ: missing - CONFIG_CFQ_GROUP_IOSCHED: missing - CONFIG_IP_NF_TARGET_REDIRECT: missing - CONFIG_EXT3_FS: missing - CONFIG_EXT3_FS_XATTR: missing - CONFIG_EXT3_FS_POSIX_ACL: missing - CONFIG_EXT3_FS_SECURITY: missing - CONFIG_INET_XFRM_MODE_TRANSPORT: missing - CONFIG_NF_NAT_FTP: missing - CONFIG_NF_CONNTRACK_FTP: missing - CONFIG_NF_NAT_TFTP: missing - CONFIG_NF_CONNTRACK_TFTP: missing - CONFIG_AUFS_FS: missing - CONFIG_BTRFS_FS: missing - CONFIG_BTRFS_FS_POSIX_ACL: missing Andrew --9a8FO0g1742xw1qttp5H4s3vFyhsLQm9V-- --kzwX4ja9RihC7YDUptrCocx0DHBuvbqJZ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEYK9084jvT0kxwI44Gv2a/BIMJt0FAl7Afj4ACgkQGv2a/BIM Jt2NnBAAhvNvE2/Cawx9M+GrCC/25ort/Mmmr3U6Yot28Lwa3YNOMdi2Ed4e2n2B 8sRQkZ+qNVHXpmBT2Bc+HP0czoxR4h16UE6Bp8G6fEG8A/3A391uRBlg7MOGdfaA JVeNwffJEdiiGp3l3FgLL//QUEzihZJz+LwqCCUV56abbrj7z1fAXaFg744gcjfx wWI165hZxZfXcjwiA/mnUpeRt0POrL+IorXEijjouMIQ/79vbAXB0gF9AP8HEx9x bCnN1EvkJ8cRWxaM+GYjTfaphQXXsgQy6z0yOmjR2n314vx6yRBGQi/T5EAY83Zx K4kkVBgAj9PAG5QI7KXx8kJAMFc4BIiYHuaEQ65IpLshfAos5rTwKde+j4kx+E4U 9mEYTgmQpGvMw4m1BQQLrQM+RrP6B8ugqmmAYxS2zbEtzfEkqlCZVMaNhqNGpF7Y 8NQwegEdYfHStONCb1z+dm8ct+2t7JoJgiRx59wnL455+fpXKI6nngwzlYP/2kUz ui0/m4wIIA30Vn3egnmGCtXcrKq6LL2q9obEhbdXNlJryGfTyo/aJIV+h4wPONdi rKW3ZiARcQ2rdhb9a4a2pz2X/Fp9/v3/vvzqpOyeGxpD/2/s9tSWQ4e0ZgZiswc8 JfUcbD96Yqu9lbG4gzEha4s65juyES6cIBdLxoJrL4wb8rx9DPo= =X8hc -----END PGP SIGNATURE----- --kzwX4ja9RihC7YDUptrCocx0DHBuvbqJZ--