Hi Jonathan,

On Wed, Apr 24, 2019 at 08:04:43PM +0100, Jonathan Dowland wrote:
> severity 903635 critical
> thanks
>
> Justification: "makes unrelated software on the system (or the whole system)
> break"
>
> Installing docker.io changed my FORWARD chain policy to DROP, breaking
> networking for unrelated virsh-based VMs that I had installed on the machine
> at the time. This matches exactly the text for severity: serious.

Could you provide more info about "changed my FORWARD chain policy to DROP"?

I added `"iptables": false` to `/etc/docker/daemon.json`, then rebooted my laptop, then ran `iptables-save`. The result is

```
# Generated by xtables-save v1.8.2 on Mon Jun 10 01:22:35 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Mon Jun 10 01:22:35 2019
```

The FORWARD policy is ACCEPT.

The original bug is true in that docker still adds an empty chain when iptables=false is set. But IMHO your justification is not real.

--
Shengjing Zhu
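A small check for the comparison made in this thread, as an added example that is not part of the original message: it reads `iptables-save` output on stdin and reports the filter-table chain policies and any Docker-created chains. The function names are hypothetical, and the DROP sample is constructed for comparison only.

```shell
#!/bin/sh
# Added example, not from the original message. All functions read
# `iptables-save` output on stdin, e.g.: iptables-save | filter_policy FORWARD

# Print "table chain policy" for each chain declaration (":NAME POLICY [pkts:bytes]").
chain_policies() {
    awk '/^\*/ { table = substr($0, 2); next }
         /^:/  { print table, substr($1, 2), $2 }'
}

# Print the policy of a built-in chain in the filter table (default: FORWARD).
filter_policy() {
    chain_policies | awk -v c="${1:-FORWARD}" '$1 == "filter" && $2 == c { print $3 }'
}

# Print user-defined chains (policy "-") whose name starts with DOCKER.
docker_chains() {
    chain_policies | awk '$3 == "-" && $2 ~ /^DOCKER/ { print $1 "/" $2 }'
}

# Succeed only if the filter FORWARD policy is ACCEPT.
forward_is_accept() {
    [ "$(filter_policy FORWARD)" = "ACCEPT" ]
}

# The output quoted in the message above.
sample_from_message() {
    cat <<'EOF'
# Generated by xtables-save v1.8.2 on Mon Jun 10 01:22:35 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Mon Jun 10 01:22:35 2019
EOF
}

# Constructed variant with FORWARD set to DROP (not taken from any real host).
sample_drop() {
    sample_from_message | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'
}

echo "from message: FORWARD=$(sample_from_message | filter_policy) chains=$(sample_from_message | docker_chains)"
echo "constructed:  FORWARD=$(sample_drop | filter_policy)"
```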