release: make networkd ignore foreign settings

Otherwise, it may unexpectedly delete any IP routes and rules added by CNI solutions, which could break container networking. Signed-off-by: Ben Cressey <[email protected]>
bottlerocket-os · Sep 8, 2023 · feb93b0 · feb93b0
1 parent 381a762
commit feb93b0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/packages/release/release-systemd-networkd.conf b/packages/release/release-systemd-networkd.conf
@@ -0,0 +1,4 @@
+# Do not clobber any routes or rules added by CNI.
+[Network]
+ManageForeignRoutes=no
+ManageForeignRoutingPolicyRules=no
diff --git a/packages/release/release.spec b/packages/release/release.spec
@@ -9,6 +9,7 @@ License: Apache-2.0 OR MIT
 URL: https://github.com/bottlerocket-os/bottlerocket
 
 Source11: nsswitch.conf
+Source95: release-systemd-networkd.conf
 Source96: release-repart-local.conf
 Source97: release-sysctl.conf
 Source98: release-systemd-system.conf
@@ -124,6 +125,9 @@ Requires: %{_cross_os}xfsprogs
 install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}
 install -p -m 0644 %{S:11} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}
 
+install -d %{buildroot}%{_cross_libdir}/systemd/networkd.conf.d
+install -p -m 0644 %{S:95} %{buildroot}%{_cross_libdir}/systemd/networkd.conf.d/80-release.conf
+
 install -d %{buildroot}%{_cross_libdir}/repart.d/
 install -p -m 0644 %{S:96} %{buildroot}%{_cross_libdir}/repart.d/80-local.conf
 
@@ -199,8 +203,9 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %{_cross_libdir}/os-release
 %dir %{_cross_libdir}/repart.d
 %{_cross_libdir}/repart.d/80-local.conf
-%{_cross_libdir}/systemd/system.conf.d/80-release.conf
 %{_cross_libdir}/systemd/network/80-release.link
+%{_cross_libdir}/systemd/networkd.conf.d/80-release.conf
+%{_cross_libdir}/systemd/system.conf.d/80-release.conf
 %{_cross_unitdir}/configured.target
 %{_cross_unitdir}/preconfigured.target
 %{_cross_unitdir}/multi-user.target