This also applies to docker-19.03.1. Grepping my kernel config files artus /etc # grep CONFIG_NF_NAT_NEEDED /etc/kernels/config-* [...] /etc/kernels/config-5.1.7-gentoo-0:CONFIG_NF_NAT_NEEDED=y /etc/kernels/config-5.1.8-gentoo-0:CONFIG_NF_NAT_NEEDED=y /etc/kernels/config-5.1.9-gentoo-0:CONFIG_NF_NAT_NEEDED=y artus /etc # ls /etc/kernels/config-5.2.* /etc/kernels/config-5.2.0-gentoo-0 /etc/kernels/config-5.2.2-gentoo-0 /etc/kernels/config-5.2.1-gentoo-0 /etc/kernels/config-5.2.5-gentoo-0 it looks like this option has been removed in kernel 5.2. I currently have gentoo-sources-5.2.5 installed. artus /etc # emerge --info Portage 2.3.69 (python 3.6.5-final-0, default/linux/amd64/17.1/systemd, gcc-8.3.0, glibc-2.29-r2, 5.2.5-gentoo-0 x86_64) ================================================================= System uname: Linux-5.2.5-gentoo-0-x86_64-AMD_FX-tm-8350_Eight-Core_Processor-with-gentoo-2.6 KiB Mem: 16322044 total, 1920972 free KiB Swap: 4194300 total, 4184060 free Head commit of repository guru: 268c1ef53dd1715bb3ab098d7c229e2daade4176 Timestamp of repository moltonel: Mon, 29 Jul 2019 10:11:57 +0000 Head commit of repository moltonel: c16c5918936ffc02f01bcc84e4f4250b7b1054d8 Head commit of repository cg: 0869cb2d7bd6be7107d7c097dcd25d569819b936 Head commit of repository enlightenment-niifaq: 425ed88bfe9864511ffb921368dbed831568c5ab Timestamp of repository gamerlay: Mon, 29 Jul 2019 10:11:46 +0000 Head commit of repository gamerlay: e2e2d3b3878770d090fbbfacd85f1cf33737bf14 Timestamp of repository R_Overlay: Thu, 01 Aug 2019 05:27:17 +0000 Head commit of repository R_Overlay: cc5898228b7a0ecfe45d862156409681bf2e18ad Timestamp of repository dotnet: Mon, 29 Jul 2019 10:11:45 +0000 Head commit of repository dotnet: 547f972755f0571f39a595263b593042c2447d14 Head commit of repository niftyled: 214aa7cdd5a2b101e9ee1661a5de49a97a3d8b59 Timestamp of repository octave: Thu, 18 Jul 2019 16:22:21 +0000 Head commit of repository octave: ff44a2e4cc145f425b1bd79fa23620e3655502c6 Timestamp of repository steam-overlay: Thu, 18 Jul 2019 16:22:33 +0000 Head commit of repository steam-overlay: d127dd045ee604a89cc1bef65e4efafa0a545429 Timestamp of repository toolchain: Sat, 27 Jul 2019 14:49:53 +0000 Head commit of repository toolchain: 423f7d04fada52e46024fc682216efe46303c3e1 Head commit of repository qt: 088192653d4735a0fa555445c7945c77d24d1525 Head commit of repository science: fb2465d7e6584f980f74bdd733664c8d33bfb29d Head commit of repository enlightenment-live: 73d3de1581199311fe0fb04b0e4dcf3adcdbdf21 Timestamp of repository fem-overlay: Mon, 29 Jul 2019 10:12:40 +0000 Head commit of repository fem-overlay: c3f48185829b3ec65a67f7230ad8e842f74448a9 Timestamp of repository pentoo: Thu, 01 Aug 2019 16:27:05 +0000 Head commit of repository pentoo: d27fa05fe220f255b85963cd977118a0f72f625e Head commit of repository gentoo-git: d7d5d8a8610c2bbc3d82f1e74c97557eabc14865 Head commit of repository waebbl: d433a2f9e439e43f9b64d9ff2585b1a73d11895a Timestamp of repository gentoo: Thu, 01 Aug 2019 18:07:41 +0000 Head commit of repository gentoo: 2745fafa11427e61d3655c41ee796787944fd700 sh bash 4.4_p23-r1 ld GNU gold (Gentoo 2.32 p2 2.32.0) 1.16 app-shells/bash: 4.4_p23-r1::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.28.2-r1::gentoo dev-lang/python: 2.7.15::gentoo, 3.6.5::gentoo, 3.7.4-r1::gentoo dev-util/cmake: 3.14.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.69-r4::gentoo sys-devel/automake: 1.16.1-r1::gentoo sys-devel/binutils: 2.32-r1::gentoo sys-devel/gcc: 8.3.0-r1::gentoo sys-devel/gcc-config: 2.0::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 5.1::gentoo (virtual/os-headers) sys-libs/glibc: 2.29-r2::gentoo Repositories: guru location: /mnt/data/code/github/portage-overlays/guru sync-type: git sync-uri: git@git.gentoo.org:repo/proj/guru.git masters: gentoo priority: -1000 moltonel location: /var/db/repos/moltonel sync-type: git sync-uri: https://github.com/gentoo-mirror/moltonel.git masters: gentoo cg location: /mnt/data/code/github/portage-overlays/cg sync-type: git sync-uri: https://github.com/waebbl/cg.git masters: gentoo priority: 30 enlightenment-niifaq location: /mnt/data/code/github/portage-overlays/enlightenment.overlay sync-type: git sync-uri: git://github.com/waebbl/enlightenment.overlay.git masters: gentoo priority: 30 gamerlay location: /var/db/repos/gamerlay sync-type: git sync-uri: https://github.com/gentoo-mirror/gamerlay.git masters: gentoo priority: 30 R_Overlay location: /mnt/data/code/github/portage-overlays/R_Overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/R_Overlay.git masters: gentoo priority: 50 dotnet location: /var/db/repos/dotnet sync-type: git sync-uri: https://github.com/gentoo-mirror/dotnet.git masters: gentoo priority: 50 niftyled location: /mnt/data/code/github/portage-overlays/niftyledGentoo sync-type: git sync-uri: https://github.com/waebbl/niftyledGentoo.git masters: gentoo priority: 50 octave location: /var/db/repos/octave sync-type: git sync-uri: https://github.com/gentoo-mirror/octave.git masters: gentoo priority: 50 steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo priority: 50 toolchain location: /var/db/repos/toolchain sync-type: git sync-uri: https://github.com/gentoo-mirror/toolchain.git masters: gentoo priority: 50 qt location: /mnt/data/code/github/portage-overlays/qt sync-type: git sync-uri: https://github.com/gentoo-mirror/qt.git masters: gentoo priority: 60 science location: /mnt/data/code/github/portage-overlays/sci sync-type: git sync-uri: git://github.com/waebbl/sci.git masters: gentoo priority: 60 enlightenment-live location: /mnt/data/code/github/portage-overlays/enlightenment-live sync-type: git sync-uri: git://github.com/waebbl/enlightenment-live.git masters: gentoo priority: 61 fem-overlay location: /var/db/repos/fem-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/fem-overlay.git masters: gentoo priority: 70 pentoo location: /mnt/data/code/github/portage-overlays/pentoo sync-type: git sync-uri: https://github.com/gentoo-mirror/pentoo.git masters: gentoo priority: 90 gentoo-git location: /mnt/data/code/github/portage-overlays/gentoo-git sync-type: git sync-uri: git@github.com:waebbl/gentoo.git masters: gentoo priority: 99 waebbl location: /mnt/data/code/github/portage-overlays/waebbl sync-type: git sync-uri: https://github.com/waebbl/waebbl-gentoo.git masters: gentoo priority: 99 gentoo location: /usr/portage sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo.git priority: 100 Installed sets: @3D, @XWindow, @adm-tools, @android, @base, @benchmarking, @desktop, @dev-tools, @doc-tools, @docs, @emacs, @esteam, @fonts, @fun, @games, @infinity, @kde, @keep, @kernel-dep, @langs, @lxqt-live, @media, @my_latex, @netz, @nifty, @nvidia, @office, @python, @qt, @sci, @sec, @server, @steam, @themes, @vcs, @virt, @xfce, @zip ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=bdver2 -fstack-protector-strong -fstack-check" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/grs/systems.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -march=bdver2 -fstack-protector-strong -fstack-check" DISTDIR="/mnt/data/download/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps n --complete-graph --keep-going" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe -march=bdver2 -fstack-protector-strong -fstack-check -fbounds-check" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildsyspkg candy cgroup clean-logs config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms sign split-elog split-log strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -march=bdver2 -fstack-protector-strong -fstack-check -fbounds-check" GENTOO_MIRRORS="http://ftp.halifax.rwth-aachen.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://mirror.netcologne.de/gentoo/ http://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo/" INSTALL_MASK="/usr/share/locale -/usr/share/locale/de* -/usr/share/locale/en*" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0" MAKEOPTS="-j4" PKGDIR="/mnt/data/download/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X acl alsa amd64 branding bzip2 cli crypt cxx dbus dri egl fortran gdbm gif gnome iconv ipv6 jpeg jpeg2k kde libinput libtirpc multilib ncurses networkmanager nls nptl offensive ogg opengl openmp pam pcre pic png policykit postgres pulseaudio python qt5 readline seccomp sound split-usr ssl svg systemd tcpd tga theora threads tiff udev unicode vorbis wayland x264 x265 xattr xpm zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx f16c fma3 fma4 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 xop" ELIBC="glibc" ENLIGHTENMENT_MODULES="appmenu clock conf conf-applications conf-bindings conf-dialogs conf-display conf-interaction conf-intl conf-menus conf-paths conf-performance conf-randr conf-shelves conf-theme conf-window-manipulation conf-window-remembers connman cpufreq everything fileman fileman-opinfo gadman geolocation ibar ibox lokker mixer msgbus music-control notification packagekit pager pager-plain quickaccess shot start syscon sysinfo systray tasks teamwork temperature tiling time winlist wizard xkbswitch" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc multiboot qemu" INPUT_DEVICES="evdev libinput" KERNEL="linux" L10N="de de-DE en en-GB en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver" LLVM_TARGETS="AArch64 ARM BPF NVPTX" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" NGINX_MODULES_HTTP="access addition auth_basic auth_pam autoindex browser cache_purge charset dav dav_ext echo empty_gif fancyindex fastcgi flv geo geoip2 gunzip gzip headers_more image_filter javascript limit_conn limit_req map memc memcached metrics mp4 naxsi proxy push_stream realip referer rewrite scgi secure_link slowfs_cache split_clients ssi sticky stub_status sub upload_progress userid uwsgi xslt" NGINX_MODULES_STREAM="access geo geoip2 javascript limit_conn map return split_clients" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python3_6 python3_7" QEMU_SOFTMMU_TARGETS="aarch64 arm i386 sparc sparc64 x86_64" QEMU_USER_TARGETS="aarch64 aarch64_be arm armeb i386 sparc sparc32plus sparc64 x86_64" RUBY_TARGETS="ruby24" USERLAND="GNU" VIDEO_CARDS="dummy fbdev nvidia vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
They removed this option in 5.2 as it was superfluous. Having NF_NAT=y is enough. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/?id=4806e975729f99c7908d1688a143f1e16d464e6c
(In reply to Andrew Udvare from comment #1) > They removed this option in 5.2 as it was superfluous. Having NF_NAT=y is > enough. > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/ > ?id=4806e975729f99c7908d1688a143f1e16d464e6c Of course this enough, but docker service can't start and send dmesg message after crash like this: ... [ 1766.476759] iptable_nat: Unknown symbol nf_nat_ipv4_register_fn (err -2) [ 1766.476771] iptable_nat: Unknown symbol nf_nat_ipv4_unregister_fn (err -2) ... So, it seems that docker (stable and unstable) can run only with stable kernel branches while (something like gentoo-sources-4.19.x or 4.20.17) with explicit CONFIG_NF_NAT_NEEDED
(In reply to Sergey from comment #2) > (In reply to Andrew Udvare from comment #1) > > They removed this option in 5.2 as it was superfluous. Having NF_NAT=y is > > enough. > > > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/ > > ?id=4806e975729f99c7908d1688a143f1e16d464e6c > > Of course this enough, but docker service can't start and send dmesg message > after crash like this: > ... > [ 1766.476759] iptable_nat: Unknown symbol nf_nat_ipv4_register_fn (err -2) > [ 1766.476771] iptable_nat: Unknown symbol nf_nat_ipv4_unregister_fn (err -2) > ... > > So, it seems that docker (stable and unstable) can run only with stable > kernel branches while (something like gentoo-sources-4.19.x or 4.20.17) with > explicit CONFIG_NF_NAT_NEEDED I'm sorry but NF_NAT really enough in most. After rebuild and reload kernel with NF_NAT and some other: docker started and works with latest kernels (5.2.9) It tested with docker-19.03.1
fixed. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d75dcab338257a061b3adea2a59aaa885d81387d
