Merge pull request #1651 from flatcar-linux/kai/use-networkd-conf-drop-in

Replace systemd patch by a drop-in file
2025-08-16 09:26:58 +02:00 · 2022-02-17 10:09:32 +01:00 · 2022-02-17 10:09:32 +01:00 · 81fd6a88a2
commit 81fd6a88a2
parent 5b1acafa48 584693874b
5 changed files with 3 additions and 67 deletions
--- a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-02-16-networkd-foreign-routes.md
@ -0,0 +1 @@
+- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([PR#61](https://github.com/flatcar-linux/init/pull/61))
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="d9738cf5281d5bd9849d01e1f5f8f9391d82d13d" # flatcar-master
+	CROS_WORKON_COMMIT="f980a88ab9ff96552df0d6a484f10f93574c5c0b" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi

--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/baselayout/baselayout-9999.ebuild
@ -9,7 +9,7 @@ CROS_WORKON_REPO="https://github.com"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
-	CROS_WORKON_COMMIT="c0871373412a3efb3c94b03825b64025f4f0c0fc" # flatcar-master
+	CROS_WORKON_COMMIT="ed371d9e166b86fdf181d38b273f43834e82350b" # flatcar-master
 	KEYWORDS="amd64 arm arm64 x86"
 fi

--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch
@ -1,64 +0,0 @@
-From c8d3f9b0f4964115c518eb009b17f026ad356ade Mon Sep 17 00:00:00 2001
-From: Kai Lueke <kailuke@microsoft.com>
-Date: Mon, 7 Feb 2022 17:39:23 +0100
-Subject: [PATCH 8/8] networkd: disable managing of foreign routes/rules by
- default
-
-While systemd-networkd follows the principle of a declarative network
-configuration and thus needs a way to ensure that unwanted routes or
-routing policy rules get discarded, the interfacing with procedural
-network management from CNIs like Cilium is limited, so that when the
-interface is set to "unmanaged" through a networkd unit, any routing
-policies there would also be ignored and discarded unless they would
-be defined for a new unit for a dummy network interface. This means
-the only option left is to disable the discarding of foreign rules
-globally.
-
-Change the default for ManageForeignRoutes and
-ManageForeignRoutingPolicyRules to "no" to ensure that we don't
-interfere with the network management of the CNIs. Users that rely on
-the setting can still enable it again. The default networkd config
-mentions the setting with a default value but since the networkd
-config resides on "/etc" it isn't auto updated on Flatcar and users
-may still see a wrong default value annotated there.
-
-https://github.com/cilium/cilium/issues/18706
-https://github.com/flatcar-linux/Flatcar/issues/620
---
- src/network/networkd-manager.c | 4 ++--
- src/network/networkd.conf      | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
-index 7e89366ae8..714ee5c226 100644
--- a/src/network/networkd-manager.c
-+++ b/src/network/networkd-manager.c
-@@ -471,8 +471,8 @@ int manager_new(Manager **ret, bool test_mode) {
-                 .test_mode = test_mode,
-                 .speed_meter_interval_usec = SPEED_METER_DEFAULT_TIME_INTERVAL,
-                 .online_state = _LINK_ONLINE_STATE_INVALID,
-                .manage_foreign_routes = true,
-                .manage_foreign_rules = true,
-+                .manage_foreign_routes = false,
-+                .manage_foreign_rules = false,
-                 .ethtool_fd = -1,
-                 .dhcp_duid.type = DUID_TYPE_EN,
-                 .dhcp6_duid.type = DUID_TYPE_EN,
-diff --git a/src/network/networkd.conf b/src/network/networkd.conf
-index 38dc9f1f79..57c661d600 100644
--- a/src/network/networkd.conf
-+++ b/src/network/networkd.conf
-@@ -15,8 +15,8 @@
- [Network]
- #SpeedMeter=no
- #SpeedMeterIntervalSec=10sec
-#ManageForeignRoutingPolicyRules=yes
-#ManageForeignRoutes=yes
-+#ManageForeignRoutingPolicyRules=no
-+#ManageForeignRoutes=no
- #RouteTable=
- 
- [DHCPv4]
-- 
-2.35.1
-
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-250.3.ebuild
@ -249,7 +249,6 @@ src_prepare() {
 		"${FILESDIR}/0005-systemd-Disable-SELinux-permissions-checks.patch"
 		"${FILESDIR}/0006-core-handle-lookup-paths-being-symlinks.patch"
 		"${FILESDIR}/0007-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
-		"${FILESDIR}/0008-networkd-disable-managing-of-foreign-routes-rules-by.patch"
 	)

 	if ! use vanilla; then
				`@ -0,0 +1 @@`
				- The systemd-networkd `ManageForeignRoutes` and `ManageForeignRoutingPolicyRules` settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under `/etc/systemd/networkd.conf.d/` because drop-in files take precedence over `/etc/systemd/networkd.conf` ([PR#61](https://github.com/flatcar-linux/init/pull/61))