This change will toggle the default firewalld backend from iptables to nftables. All of firewalld's primitives will use nftables while direct rules continue to use iptables/ebtables.
@dwalsh @awjb @baude @fkluknav @lsm5 @runcom @miminar @jchaloup @maxamillion Docker maintainers, are you on board?
We don't maintain Docker. That is a company. We do maintain container engines. Our use of filewall rules is through CNI plugins, So we really need to know if they are ok with this.
You are the maintainers of the "docker" package. That's why I've CCed you.
The "docker" package does/should not exist in Fedora 32 or Fedora 31 for that matter.
We are the maintaines of podman, buildah, cri-o, skopeo.
There is a moby-engine package, but I should not be a maintainer of this.
Correct, sorry, I've missed that "docker" is retired.
@olem are you on board?
I don't think we should block this change by moby-engine support.
I think we should block this change by moby-engine support.
I agree we should NOT block the change based on moby-engine support.
Based on the description in the change page, adding support in moby-engine is not complicated.
I think the switch is a big improvement for majority of users and we should not block on moby-engine support, though of course it would be nice if it is done in time.
Let me make my vote -1.
I realize that we prefer podman over moby/docker, but the reality probably is the majority of developers and poweradmins (power users/admins) will blame Fedora if docker breaks for them.
The change explicitly says a fix is possible, and I would like to block this change on an ack from whoever maintains the package that provides the docker command (that is AFAIK both the moby-engine package maintained by @olem and the podman-docker package maintained by @lsm5 and co., while only moby-engine also provides the docker name).
After a week, the vote is +4,0,-1. By the ticket policy, I am tagging this for the next meeting.
Metadata Update from @bcotton:
- Issue tagged with: meeting
Approved in the meeting (+6,0,-1).
Note that the FESCo decision is that "The maintainers of moby-engine are responsible for how [this] turns out for them.".
Metadata Update from @sgallagh:
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)
to comment on this ticket.