[Release-1.25] Enhance `check-config` (#7164)

* Add missing kernel config checks (#6946) Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s. Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud> * Enhance `k3s check-config` (#7091) * Move CONFIG_CGROUP_PIDS to Required Signed-off-by: Derek Nola <derek.nola@suse.com> --------- Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-29 12:15:38 -07:00 · 2023-03-29 12:15:38 -07:00 · 9e22489daf
parent 6c5ac02248
commit 9e22489daf
1 changed files with 11 additions and 7 deletions
--- a/contrib/util/check-config.sh
+++ b/contrib/util/check-config.sh
@ -177,9 +177,16 @@ echo
  if [ -s .links ]; then
    while read file link; do
      if [ "$(readlink $file)" != "$link" ]; then
-        wrap_bad '- links' "$file should link to $link"
+        # If no iptables is installed on the host system, the symlink will be different
+        if [ "$(readlink $file)" = "xtables-legacy-multi" ]; then
+          wrap_warn "- $file" "symlink to xtables-legacy-multi"
+        elif [ "$(readlink $file)" = "xtables-nft-multi" ]; then
+          wrap_warn "- $file" "symlink to xtables-nft-multi"
+        else
+          wrap_bad "- $file" "symlink to $link"
          linkFail=1
        fi
+      fi
    done <.links
    if [ $linkFail -eq 0 ]; then
      wrap_good '- links' 'good'
@ -374,11 +381,11 @@ fi

 flags="
  NAMESPACES NET_NS PID_NS IPC_NS UTS_NS
-  CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
+  CGROUPS CGROUP_PIDS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
  KEYS
  VETH BRIDGE BRIDGE_NETFILTER
  IP_NF_FILTER IP_NF_TARGET_MASQUERADE
-  NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK NETFILTER_XT_MATCH_IPVS
+  NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_MULTIPORT
  IP_NF_NAT NF_NAT
  POSIX_MQUEUE
 "
@ -398,9 +405,6 @@ echo 'Optional Features:'
 {
  check_flags SECCOMP
 }
-{
-  check_flags CGROUP_PIDS
-}
 # {
 #   check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
 #   if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then