search

kata-containers / packaging

Kata Containers version 1.x packaging (for version 2.x see https://github.com/kata-containers/kata-containers).
https://katacontainers.io/
Apache License 2.0
119 stars 92 forks source link

Although this configuration `CONFIG_BRIDGE_NETFILTER=y` is enabled, there is no such file in `/sys/module/br_netfilter` #1068

Closed Jason-ZW closed 4 years ago

Jason-ZW commented 4 years ago

Description

Compile kernel with configuration CONFIG_BRIDGE_NETFILTER=y is enabled. When using the kernel which I was compiled, I can not found br_netfilter file in /sys/module directory. How can I check the br_netfilter module already loaded?

Other modules I enabled can be found in the /sys/module directory such as CONFIG_VXLAN=y.

The same result when I try using io.katacontainers.config.agent.kernel_modules: "br_netfilter".

Environment

Running k3s in Kubernetes Kata Runtime Pods.

Expected result

br_netfilter file in /sys/module directory after enable kernel config item.

Actual result

I can not found br_netfilter file in /sys/module directory.

jodh-intel commented 4 years ago

Hi @Jason-ZW - if you set CONFIG_BRIDGE_NETFILTER=y, there will be no netfilter module - it will be built (hard-coded) into the kernel (not loaded dynamically), hence no entry in /sys/module/. It should be listed in /lib/modules/$(uname -r)/modules.builtin though.

Note that this touches on the idea of requireing a /proc/config.gz which would provide another way to see what features the guest kernel supports: https://github.com/kata-containers/packaging/issues/222.

@bergwolf, @gnawux, @amshinde - Maybe we want to consider adding this for 2.0?

Jason-ZW commented 4 years ago

@jodh-intel Thanks for help me.

jodh-intel commented 4 years ago

@Jason-ZW - no problem. Can we close this issue now?

Jason-ZW commented 4 years ago

Sure