Ignore the exit code of modprobe always

The nature of `modprobe` in this image is that it works via `ip` hacks, but the exit code will always be non-zero because we don't have `/lib/modules` from the host. The effect of this was that everyone was using `iptables-legacy` (whether it was warranted for them to be doing so or not).
docker-library · Dec 18, 2023 · a796a6d · a796a6d
1 parent 9238e26
commit a796a6d
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 9 deletions.
diff --git a/24/dind/dockerd-entrypoint.sh b/24/dind/dockerd-entrypoint.sh
diff --git a/25-rc/dind/dockerd-entrypoint.sh b/25-rc/dind/dockerd-entrypoint.sh
diff --git a/dockerd-entrypoint.sh b/dockerd-entrypoint.sh
@@ -148,10 +148,14 @@ if [ "$1" = 'dockerd' ]; then
  # https:/docker-library/docker/issues/350
  # https:/moby/moby/issues/26824
  # https:/docker-library/docker/pull/437#issuecomment-1854900620
- if ! modprobe nf_tables; then
+ modprobe nf_tables ||:
+ if ! iptables -nL > /dev/null 2>&1; then
+ # might be host has no nf_tables, but Alpine is all-in now (so let's try a legacy fallback)
  modprobe ip_tables || :
- # see https:/docker-library/docker/issues/463 (and the dind Dockerfile where this directory is set up)
- export PATH="/usr/local/sbin/.iptables-legacy:$PATH"
+ if /usr/local/sbin/.iptables-legacy/iptables -nL > /dev/null 2>&1; then
+ # see https:/docker-library/docker/issues/463 (and the dind Dockerfile where this directory is set up)
+ export PATH="/usr/local/sbin/.iptables-legacy:$PATH"
+ fi
  fi
  fi