Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[1.2] Re-add tun/tap to default device rules #4556

Merged
merged 1 commit into from
Dec 17, 2024

Conversation

cyphar
Copy link
Member

@cyphar cyphar commented Dec 17, 2024

Backport of #4555.

Since v1.2.0 was released, a number of users complained that the removal
of tun/tap device access from the default device ruleset is causing a
regression in their workloads.

Additionally, it seems that some upper-level orchestration tools
(Docker Swarm, Kubernetes) makes it either impossible or cumbersome
to supply additional device rules.

While it's probably not quite right to have /dev/net/tun in a default
device list, it was there from the very beginning, and users rely on it.
Let's keep it there for the sake of backward compatibility.

This reverts commit 2ce40b6.

Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com
(Cherry-pick of commit 394f4c3.)
Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Since v1.2.0 was released, a number of users complained that the removal
of tun/tap device access from the default device ruleset is causing a
regression in their workloads.

Additionally, it seems that some upper-level orchestration tools
(Docker Swarm, Kubernetes) makes it either impossible or cumbersome
to supply additional device rules.

While it's probably not quite right to have /dev/net/tun in a default
device list, it was there from the very beginning, and users rely on it.
Let's keep it there for the sake of backward compatibility.

This reverts commit 2ce40b6.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(Cherry-pick of commit 394f4c3.)
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
@cyphar cyphar added the backport/1.2-pr A backport PR to release-1.2 label Dec 17, 2024
@cyphar cyphar added this to the 1.2.4 milestone Dec 17, 2024
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/1.2-pr A backport PR to release-1.2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants