diff --git a/common/docs/containers.conf.5.md b/common/docs/containers.conf.5.md index 086cc76beb..76aa24a5e5 100644 --- a/common/docs/containers.conf.5.md +++ b/common/docs/containers.conf.5.md @@ -298,9 +298,9 @@ Logging driver for the container. Currently available options are k8s-file, jour **log_path**="" -Default path for container logs to be stored in. When empty, logs will be stored +Default path for container logs to be stored in. When empty, logs will be stored in the container's default storage and removed when the container is removed. -A subdirectory named with the container ID will be created under the specified +A subdirectory named with the container ID will be created under the specified path, and the log file will have the default name `ctr.log` within that directory. This option can be overridden by the `--log-opt` flag. @@ -429,7 +429,7 @@ The default value is empty which means that it will automatically choose CNI or already containers/images or CNI networks preset it will choose CNI. Before changing this value all containers must be stopped otherwise it is likely that -iptables rules and network interfaces might leak on the host. A reboot will fix this. +firewall rules and network interfaces might leak on the host. A reboot will fix this. **cni_plugin_dirs**=[] @@ -510,7 +510,7 @@ and "$graphroot/networks" as rootless. The firewall driver to be used by netavark. The default is empty which means netavark will pick one accordingly. Current supported -drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is +drivers are "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is experimental at the moment and not recommend outside of testing). **dns_bind_port**=53 diff --git a/common/libnetwork/netavark/run_test.go b/common/libnetwork/netavark/run_test.go index e6573953c1..7c9ebf5669 100644 --- a/common/libnetwork/netavark/run_test.go +++ b/common/libnetwork/netavark/run_test.go @@ -99,9 +99,9 @@ var _ = Describe("run netavark", func() { _ = netns.UnmountNS(netNSContainer.Path()) _ = netNSContainer.Close() }) - // Force iptables driver, firewalld is broken inside the extra + // Force nftables driver, firewalld is broken inside the extra // namespace because it still connects to firewalld on the host. - t.Setenv("NETAVARK_FW", "iptables") + t.Setenv("NETAVARK_FW", "nftables") }) JustBeforeEach(func() { diff --git a/common/pkg/config/containers.conf b/common/pkg/config/containers.conf index fd337831c9..c5f97e23d3 100644 --- a/common/pkg/config/containers.conf +++ b/common/pkg/config/containers.conf @@ -216,12 +216,12 @@ default_sysctls = [ # #log_driver = "k8s-file" -# Default path for container logs to be stored in. When empty, logs will be stored +# Default path for container logs to be stored in. When empty, logs will be stored # in the container's default storage and removed when the container is removed. -# A subdirectory named with the container ID will be created under the specified +# A subdirectory named with the container ID will be created under the specified # path, and the log file will have the default name `ctr.log` within that directory. # This option can be overridden by the `--log-opt` flag. -# +# #log_path = "" # Maximum size allowed for the container log file. Negative numbers indicate @@ -359,7 +359,7 @@ default_sysctls = [ # already containers/images or CNI networks preset it will choose CNI. # # Before changing this value all containers must be stopped otherwise it is likely that -# iptables rules and network interfaces might leak on the host. A reboot will fix this. +# firewall rules and network interfaces might leak on the host. A reboot will fix this. # #network_backend = "" @@ -384,7 +384,7 @@ default_sysctls = [ # The firewall driver to be used by netavark. # The default is empty which means netavark will pick one accordingly. Current supported -# drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is +# drivers are "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is # experimental at the moment and not recommend outside of testing). # #firewall_driver = ""