Hi Daniel,

On 02.05.25 11:37, Daniel Gröber wrote:
> I investigated a curious networking problem in Debian's autopkgtest infrastructure along with Paul. We found that a recent (innocent) nftables update caused needrestart to trigger a nftables.service restart which
I wonder why needrestart selects this service at all. Could you provide the output of `needrestart -v` for this?
> flushed volatile firewall rules installed into the kernel by lxc. Specifically by lxc-net.service, see /usr/libexec/lxc/lxc-net. I think we should add an exception for nftables to $nrconf{override_rc} to avoid this problem since there doesn't seem to be any point in restarting it for security purposes.
ACK, IMHO it should be completely ignored and one should consider the same for iptables. But I still wonder why the service gets selected at all…
Cheers,
Thomas (upstream)
> Thanks,
> --Daniel