Backwards-compatible /proc and sysctl conntrack entries
Dave Jones
davej at redhat.com
Tue Mar 27 21:51:34 UTC 2007
On Tue, Mar 27, 2007 at 05:48:40PM -0400, Chuck Ebbert wrote:
> Dave Jones wrote:
> > On Tue, Mar 27, 2007 at 03:13:22PM -0400, Chuck Ebbert wrote:
> > > Josh Boyer wrote:
> > > >> Users also have firewall configuration scripts that rely on these
> > > >> entries.
> > > >
> > > > Damn. That does suck.
> > > >
> > > > So how long does upstream intend to keep CONFIG_NF_CONNTRACK_PROC_COMPAT
> > > > around?
> > >
> > > Until FC-6 dies, hopefully... :)
> > >
> > > A new comment in bz 234174 is interesting:
> > >
> > > | Or, ideally, the kernel rpm should look into obvious places (e.g.
> > > | /etc/sysconfig/iptables-config, /etc/sysctl.conf) and do some perl -pie magic.
> >
> > This would break booting back into the earlier kernel (which used to work
> > until we munged these files).
> >
>
> Maybe we could create symlinks in the new kernel directory so the old module
> names would work?
maybe. if the contents are the same, then it should work.
Makes me wonder why that isn't what CONFIG_NF_CONNTRACK_PROC_COMPAT would do.
But then, I'm trying not to think too hard today. Vacationing is hard.
> > I think enabling the compat stuff for FC6's lifetime should be safe.
> > Hopefully upstream won't rip them out too soon.
>
> We'll just leave FC 6 on 2.6.20 until 2.6.21 is stable, i.e. forever. :)
Forever the optimist eh? :)
Dave
--
http://www.codemonkey.org.uk
More information about the Fedora-kernel-list
mailing list