diff options
| author | ryneeverett <ryneeverett@gmail.com> | 2019-12-25 06:16:41 +0000 |
|---|---|---|
| committer | ryneeverett <ryneeverett@gmail.com> | 2020-07-18 02:31:25 +0000 |
| commit | f12581a7a3378a4becd3ae04dba785c777695dcd (patch) | |
| tree | 6b45e58ce3c2ec85647f9b4ca2363aa6f77b2057 /nixos | |
| parent | 87979bb0a364073dbde058c6f14216b8abf7c84e (diff) | |
| download | nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar.gz nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar.bz2 nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar.lz nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar.xz nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.tar.zst nixpkgs-f12581a7a3378a4becd3ae04dba785c777695dcd.zip | |
nixos/docker: explicitly load kernel modules
This is analogous to #70447. With security.lockKernelModules=true, docker commands result in the following error without at least loading veth: $ docker run hello-world /nix/store/mr50kaan2vs4gc40ymwncb2vci25aq7z-docker-19.03.2/libexec/docker/docker: Error response from daemon: failed to create endpoint epic_kare on network bridge: failed to add the host (veth8b381f3) <=> sandbox (veth348e197) pair interfaces: operation not supported. ERRO[0003] error waiting for container: context canceled
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/virtualisation/docker.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/docker.nix b/nixos/modules/virtualisation/docker.nix index 7d196a46276..d87ada35a0a 100644 --- a/nixos/modules/virtualisation/docker.nix +++ b/nixos/modules/virtualisation/docker.nix @@ -149,6 +149,7 @@ in ###### implementation config = mkIf cfg.enable (mkMerge [{ + boot.kernelModules = [ "bridge" "veth" ]; environment.systemPackages = [ cfg.package ] ++ optional cfg.enableNvidia pkgs.nvidia-docker; users.groups.docker.gid = config.ids.gids.docker; |