207052a82c
bumping to pickup the following change:
commit af4e4301c12e98dc03b8827a44eb29786c1a61a6 (HEAD -> yocto-6.18, origin/yocto-6.18)
Author: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Mon Jan 5 09:41:06 2026 -0500
config/netfilter: migrate from legacy NF to NETFILTER_XT_TARGET_MASQUERADE
- 9fce66583f06c212 ("netfilter: Exclude LEGACY TABLES on PREEMPT_RT.")
adds NETFILTER_XTABLES_LEGACY and switches the iptables legacy options
(IP_NF_IPTABLES_LEGACY, IP_NF_NAT, IP6_NF_NAT, IP_NF_TARGET_MASQUERADE,
etc.) from select to depends on it in net/ipv4/netfilter/Kconfig and
net/ipv6/netfilter/Kconfig.
If NETFILTER_XTABLES_LEGACY is left unset, IP_NF_TARGET_MASQUERADE
becomes unreachable and no longer auto-selects NETFILTER_XT_TARGET_MASQUERADE,
so the xt_MASQUERADE module vanishes.
- 25a8b88f000c33a1 ("netfilter: add back NETFILTER_XTABLES dependencies")
restores depends on NETFILTER_XTABLES for those legacy symbols but keeps
the new NETFILTER_XTABLES_LEGACY gate in the same Kconfig files.
Effect: after these patches in the 6.18 cycle, keeping kernel-module-xt-masquerade
without enabling the legacy iptables stack requires setting
CONFIG_NETFILTER_XT_TARGET_MASQUERADE directly (as in your fix) or turning on
NETFILTER_XTABLES_LEGACY in the config.
Solution: for now, we just enable NETFILTER_XT_TARGET_MASQUERADE to fix a
specific error, and will start the migration of all the legacy
options to their new options. If breakage becomes widespread,
we'll enable NETFILTER_XTABLES_LEGACY.
This avoids a build error in xen-image-minimal due to missing kernel
module packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|---|---|---|
| classes | ||
| conf | ||
| docs | ||
| dynamic-layers | ||
| files | ||
| lib/oeqa/runtime/cases | ||
| recipes-containers | ||
| recipes-core | ||
| recipes-demo | ||
| recipes-devtools | ||
| recipes-extended | ||
| recipes-graphics/xorg-xserver | ||
| recipes-kernel | ||
| recipes-networking | ||
| scripts | ||
| wic | ||
| .gitignore | ||
| COPYING.MIT | ||
| MAINTAINERS | ||
| meta-virt-roadmap.txt | ||
| README.md | ||
| SECURITY.md | ||
meta-virtualization
The meta-virtualization layer is the authoritative resource for virtualization technologies in OpenEmbedded / Yocto built distributions. It provides support or both hypervisor-based virtualization (such as KVM, Xen, and QEMU) and system-level virtualization (Linux containers), along with the host and guest technologies required to build complete solutions ranging from embedded systems to full deep CNCF stack deployments.
The bbappend files for some recipes (e.g. linux-yocto) in this layer need to have 'virtualization' in DISTRO_FEATURES to have effect. To enable them, add in configuration file the following line.
DISTRO_FEATURES:append = " virtualization"
If meta-virtualization is included, but virtualization is not enabled as a distro feature a warning is printed at parse time:
You have included the meta-virtualization layer, but
'virtualization' has not been enabled in your DISTRO_FEATURES. Some bbappend files
may not take effect. See the meta-virtualization README for details on enabling
virtualization support.
If you know what you are doing, this warning can be disabled by setting the following variable in your configuration:
SKIP_META_VIRT_SANITY_CHECK = 1
Depending on your use case, there are other distro features in meta-virtualization that may also be enabled:
- xen: enables xen functionality in various packages (kernel, libvirt, etc)
- kvm: enables KVM configurations in the kernel and autoloads modules
- k8s: enables kubernetes configurations in the kernel, tools and configuration
- aufs: enables aufs support in docker and linux-yocto
- x11: enable xen and libvirt functionality related to x11
- selinux: enables functionality in libvirt and lxc
- systemd: enable systemd services and unit files (for recipes for support)
- sysvinit: enable sysvinit scripts (for recipes with support)
- seccomp: enable seccomp support for packages that have the capability.
Dependencies
This layer depends on:
URI: git://github.com/openembedded/openembedded-core.git branch: master revision: HEAD prio: default
URI: git://github.com/openembedded/meta-openembedded.git branch: master revision: HEAD layers: meta-oe meta-networking meta-filesystems meta-python
Required for Xen XSM policy: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default
Required for Ceph: URI: git://git.yoctoproject.org/meta-cloud-services branch: master revision: HEAD prio: default
Required for cri-o: URI: git://git.yoctoproject.org/meta-selinux branch: master revision: HEAD prio: default
Community / Collaboration
Repository: https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/ Mailing list: https://lists.yoctoproject.org/g/meta-virtualization IRC: libera.chat #meta-virt channel
Maintenance
Send pull requests, patches, comments or questions to meta-virtualization@lists.yoctoproject.org
Maintainer: Bruce Ashfield bruce.ashfield@gmail.com see MAINTAINERS for more specific information
When sending single patches, please using something like: $ git send-email -1 -M --to meta-virtualization@lists.yoctoproject.org --subject-prefix='meta-virtualization][PATCH'
License
All metadata is MIT licensed unless otherwise stated. Source code included in tree for individual recipes is under the LICENSE stated in each recipe (.bb file) unless otherwise stated.