mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-02-22 06:43:41 +00:00
Adds a practical set of kernel config used by docker-in-docker and kind for network bridging and filtering. It also includes the matching IPv6 support to allow tools like kind that require IPv6 network policies to work out of the box.

This support includes:
- nftables reject and filtering support for inet/ipv4/ipv6
- Bridge filtering for container-to-container traffic
- IPv6 NAT, filtering, and packet matching rules for network policies
- VXLAN and IPsec crypto support for network tunneling
- TMPFS POSIX ACL support for filesystem permissions

The configs are organized across fragment files:
- common/fs.conf: TMPFS ACL support
- common/crypto.conf: IPsec/VXLAN crypto algorithms
- common/network.conf: VXLAN, IPsec ESP, nftables bridge/ARP/netdev
- common/netfilter.conf: IPv6 netfilter stack and nftables advanced features

Fixes: #11886

Signed-off-by: Simon Kaegi <simon.kaegi@gmail.com>