tianon
commented
9 months ago Nice, thanks for working on this! :heart:
Modifying /sbin/xxx at runtime is definitely making me really nervous (both overwriting files installed by a package and modifying /sbin/ in general), so I think I'd prefer if we create a directory of symlinks in the Dockerfile that the entrypoint can then use PATH tricks to activate instead. Given we're already at the end of your day (and the severity of the breaking change), I hope you don't mind me taking over instead of describing in more detail and requesting changes? :innocent:
PR #461 updated Alpine to 3.19 and made a change to load the nf_tables kernel module if needed. However, as demonstrated by #463 and #464 this might break when the host system doesn't have the nf_tables module available. In that case, we should still try to load the ip_tables module and symlink /sbin/iptables to xtables-legacy-multi.