In ancient times, we merged #90 to add a fake modprobe that does ip link show to successfully load kernel modules on the host from inside a container.
Since moby/moby#49038 (v28+), this is implemented in dockerd itself, and was even backported in v27.4.1, which covers all supported versions and we could now (finally!) remove that code completely.
One wrinkle we have to consider/account for is all the complicated iptables-legacy logic we now have (where we use modprobe directly). Maybe that means we don't get to remove this code yet until we remove that code too?
(thanks to @thaJeztah for reminding me in docker/docker-ce-packaging#1118 (comment) and inspiring this issue ❤️)
In ancient times, we merged #90 to add a fake
modprobethat doesip link showto successfully load kernel modules on the host from inside a container.Since moby/moby#49038 (v28+), this is implemented in
dockerditself, and was even backported in v27.4.1, which covers all supported versions and we could now (finally!) remove that code completely.One wrinkle we have to consider/account for is all the complicated
iptables-legacylogic we now have (where we usemodprobedirectly). Maybe that means we don't get to remove this code yet until we remove that code too?(thanks to @thaJeztah for reminding me in docker/docker-ce-packaging#1118 (comment) and inspiring this issue ❤️)