From fa9ed67d24d5ec1ab138b11d3c9e28ba655fd0f7 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Fri, 29 Nov 2024 21:48:11 +0100
Subject: [PATCH] deb,rpm: add kmod as recommended dependency to provide
 modprobe

Depending on the host configuration, the `br_netfilter` module may not
be loaded by default. In this situation, docker will try to load the module
through `modprobe`.

Older versions of docker would silently ignore failing to do so, log a message,
and continue;

    time="2024-11-29T20:04:58.538404376Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: , error: exec: \"modprobe\": executable file not found in $PATH"

However, starting with [db25b0dcd0461802289e962aa0df3abd323d1994][1] and
[264c15bfc427d1321c5b302e48e16d113b06ef92][2], we now produce an error:

    === FAIL: libnetwork/drivers/bridge TestCreateFullOptions (0.04s)
    time="2024-11-29T19:03:44Z" level=error msg="Running modprobe br_netfilter failed with message: " error="exec: \"modprobe\": executable file not found in $PATH"
        bridge_linux_test.go:280: Failed to create bridge: loadBridgeNetFilterModule failed: cannot restrict inter-container communication: modprobe br_netfilter failed: exec: "modprobe": executable file not found in $PATH

This patch updates the packages to add `kmod` (which provides `modprobe`)
as a recommended dependency. We should probably look for alternatives in
our code to not require `modprobe`.

[1]: https://github.com/moby/moby/commit/db25b0dcd0461802289e962aa0df3abd323d1994
[2]: https://github.com/moby/moby/commit/264c15bfc427d1321c5b302e48e16d113b06ef92

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit deed8d9df8cd90139229748021efcc006900aba5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 deb/common/control       | 1 +
 rpm/SPECS/docker-ce.spec | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/deb/common/control b/deb/common/control
index f405eaf8b6..45687798e2 100644
--- a/deb/common/control
+++ b/deb/common/control
@@ -34,6 +34,7 @@ Recommends: apparmor,
             ca-certificates,
             docker-ce-rootless-extras,
             git,
+            kmod,
             libltdl7,
             pigz,
             procps,
diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec
index bcfaa475e9..bb8cdc913d 100644
--- a/rpm/SPECS/docker-ce.spec
+++ b/rpm/SPECS/docker-ce.spec
@@ -13,6 +13,8 @@ Vendor: Docker
 Packager: Docker <support@docker.com>
 
 Requires: /usr/sbin/groupadd
+# Provides modprobe, which we use to load br_netfilter if not loaded.
+Recommends: kmod
 Requires: docker-ce-cli
 Recommends: docker-ce-rootless-extras
 Requires: container-selinux >= 2:2.74