summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile6
-rw-r--r--contrib/modules-load.d/podman-iptables.conf5
-rw-r--r--podman.spec.rpkg6
3 files changed, 17 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 0a5389ce9..cb230d8e9 100644
--- a/Makefile
+++ b/Makefile
@@ -44,6 +44,7 @@ MANDIR ?= ${PREFIX}/share/man
SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
ETCDIR ?= ${PREFIX}/etc
TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d
+MODULESLOADDIR ?= ${PREFIX}/lib/modules-load.d
SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system
USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user
REMOTETAGS ?= remote exclude_graphdriver_btrfs btrfs_noversion exclude_graphdriver_devicemapper containers_image_openpgp
@@ -779,6 +780,11 @@ install.bin:
install ${SELINUXOPT} -m 755 -d ${DESTDIR}${TMPFILESDIR}
install ${SELINUXOPT} -m 644 contrib/tmpfile/podman.conf ${DESTDIR}${TMPFILESDIR}/podman.conf
+.PHONY: install.modules-load
+install.modules-load: # This should only be used by distros which might use iptables-legacy, this is not needed on RHEL
+ install ${SELINUXOPT} -m 755 -d ${DESTDIR}${MODULESLOADDIR}
+ install ${SELINUXOPT} -m 644 contrib/modules-load.d/podman-iptables.conf ${DESTDIR}${MODULESLOADDIR}/podman-iptables.conf
+
.PHONY: install.man
install.man:
install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(MANDIR)/man1
diff --git a/contrib/modules-load.d/podman-iptables.conf b/contrib/modules-load.d/podman-iptables.conf
new file mode 100644
index 000000000..001ef8af8
--- /dev/null
+++ b/contrib/modules-load.d/podman-iptables.conf
@@ -0,0 +1,5 @@
+# On fedora 36 ip_tables is no longer auto loaded and rootless user have no permsissions to load it.
+# When we have actual nftables support in the future we might want to revisit this.
+# If you use iptables-nft this is not needed.
+ip_tables
+ip6_tables
diff --git a/podman.spec.rpkg b/podman.spec.rpkg
index d02b7ea99..f810d0307 100644
--- a/podman.spec.rpkg
+++ b/podman.spec.rpkg
@@ -206,6 +206,9 @@ PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDI
install.docker \
install.docker-docs \
install.remote \
+%if 0%{?fedora} >= 36
+ install.modules-load
+%endif
install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
@@ -242,6 +245,9 @@ done
%{_userunitdir}/%{name}.socket
%{_userunitdir}/%{name}-restart.service
%{_usr}/lib/tmpfiles.d/%{name}.conf
+%if 0%{?fedora} >= 36
+ %{_usr}/lib/modules-load.d/%{name}-iptables.conf
+%endif
%files docker
%{_bindir}/docker
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-24 18:25:30 +0000