[Release-1.24] Enhance check-config (#7165)

* Add missing kernel config checks (#6946) Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s. Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud> * Enhance `k3s check-config` (#7091) * Move CONFIG_CGROUP_PIDS to Required Signed-off-by: Derek Nola <derek.nola@suse.com> --------- Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
k3s-io · Mar 29, 2023 · 8995df0 · 8995df0
1 parent 57e8adb
commit 8995df0
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh
@@ -177,8 +177,15 @@ echo
   if [ -s .links ]; then
     while read file link; do
       if [ "$(readlink $file)" != "$link" ]; then
-        wrap_bad '- links' "$file should link to $link"
-        linkFail=1
+        # If no iptables is installed on the host system, the symlink will be different
+        if [ "$(readlink $file)" = "xtables-legacy-multi" ]; then
+          wrap_warn "- $file" "symlink to xtables-legacy-multi"
+        elif [ "$(readlink $file)" = "xtables-nft-multi" ]; then
+          wrap_warn "- $file" "symlink to xtables-nft-multi"
+        else
+          wrap_bad "- $file" "symlink to $link"
+          linkFail=1
+        fi
       fi
     done <.links
     if [ $linkFail -eq 0 ]; then
@@ -374,11 +381,11 @@ fi
 
 flags="
   NAMESPACES NET_NS PID_NS IPC_NS UTS_NS
-  CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
+  CGROUPS CGROUP_PIDS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
   KEYS
   VETH BRIDGE BRIDGE_NETFILTER
   IP_NF_FILTER IP_NF_TARGET_MASQUERADE
-  NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK NETFILTER_XT_MATCH_IPVS
+  NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_MULTIPORT
   IP_NF_NAT NF_NAT
   POSIX_MQUEUE
 "
@@ -398,9 +405,6 @@ echo 'Optional Features:'
 {
   check_flags SECCOMP
 }
-{
-  check_flags CGROUP_PIDS
-}
 # {
 #   check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED
 #   if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then