+config DOCKER_CHECK_CONFIG
+ bool "Installs check-config.sh with dependencies"
+ default n
+ depends on PACKAGE_dockerd
+ select PACKAGE_bash
+ select PACKAGE_kmod-ikconfig
+
# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
config DOCKER_CGROUP_OPTIONS
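Review bot: The `select PACKAGE_bash` and `select PACKAGE_kmod-ikconfig` lines act only on the build configuration, so as far as the visible lines show, the package's own dependency list will not record what check-config.sh needs. The Makefile's DEPENDS already uses the conditional form (`+IPV6:ip6tables`, `+KERNEL_SECCOMP:libseccomp`); entries such as `+DOCKER_CHECK_CONFIG:bash` and `+DOCKER_CHECK_CONFIG:kmod-ikconfig` would keep the option and the installed package in step. The same applies to `select PACKAGE_libdevmapper` under DOCKER_STO_DEVMAPPER and to `select PACKAGE_btrfs-progs` in the Storage menu hunks, whose packages this commit removes from DEPENDS. A dockerd installed from a feed rather than baked into an image could then lack the library or tools its build options assume.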
menu "Storage"
depends on PACKAGE_dockerd
+ config DOCKER_STO_DEVMAPPER
+ bool "Enables support for devmapper snapshotting"
+ default n
+ select PACKAGE_libdevmapper
+
config DOCKER_STO_EXT4
bool "Enables support for ext3 or ext4 as the backing filesystem"
default n
bool "Enables support for btrfs as the backing filesystem"
default n
select KERNEL_BTRFS_FS_POSIX_ACL
+ select PACKAGE_btrfs-progs
endmenu
TITLE:=Docker Community Edition Daemon
URL:=https://www.docker.com/
DEPENDS:=$(GO_ARCH_DEPENDS) \
- +btrfs-progs \
+ca-certificates \
+containerd \
- +iptables-legacy \
+ +iptables \
+iptables-mod-extra \
- +iptables-mod-nat-extra \
+ +IPV6:ip6tables \
+ +IPV6:kmod-ipt-nat6 \
+KERNEL_SECCOMP:libseccomp \
- +kmod-br-netfilter \
- +kmod-ikconfig \
- +kmod-nf-conntrack-netlink \
+ +kmod-ipt-nat \
+ +kmod-ipt-physdev \
+kmod-nf-ipvs \
- +kmod-nf-nat \
+kmod-veth \
- +libdevmapper \
+libnetwork \
- +tini
+ +tini \
+ +uci-firewall
USERID:=docker:docker
MENU:=1
endef
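Review bot: `kmod-br-netfilter` is dropped from DEPENDS with no visible replacement, yet Docker's filtering between containers on a bridge relies on bridged traffic being handed to the iptables chains. If the module is expected to arrive through `kmod-ipt-physdev`, that is not visible in this hunk and is worth a comment next to the package definition, e.g. `# kmod-ipt-physdev is expected to pull in br_netfilter; Docker's bridge isolation rules depend on it`. The same question applies to `kmod-nf-conntrack-netlink`, which is removed with no counterpart in the new list. The define that holds DEPENDS starts outside the hunk.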
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bundles/binary-daemon/dockerd $(1)/usr/bin/
$(INSTALL_DIR) $(1)/opt/docker/
+
+ ifeq ($(CONFIG_DOCKER_CHECK_CONFIG),y)
$(INSTALL_DIR) $(1)/usr/share/docker/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/check-config.sh $(1)/usr/share/docker/
+ endif
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
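Review bot: The install step now depends on `CONFIG_DOCKER_CHECK_CONFIG`, but nothing visible here tells the build system to rebuild the package when that symbol changes. If the Makefile does not already list it, add for example `PKG_CONFIG_DEPENDS += CONFIG_DOCKER_CHECK_CONFIG`, so a cached package is not reused with contents that no longer match the configuration. The `ifeq`/`endif` lines must also stay free of a leading tab, otherwise they are handed to the shell as recipe text; the page does not preserve whitespace, so this cannot be confirmed from here. The install define starts outside the hunk.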
# list registry_mirrors 'https://<my-docker-mirror-host>'
# list registry_mirrors 'https://hub.docker.com'
-# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
+# Docker doesn't work well out of the box with fw4. This is because Docker relies on a compatibility layer that
+# naively translates iptables rules. For the best compatibility replace the following dependencies:
+# `firewall4` -> `firewall`
+# `iptables-nft` -> `iptables-legacy`
+# `ip6tables-nft` -> `ip6tables-legacy`
+
+# Docker undermines the fw3 rules. By default all external source IPs are allowed to connect to the Docker host.
# See https://docs.docker.com/network/iptables/ for more details.
+
# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
# then docker restarted to load in new changes.
config firewall 'firewall'
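Review bot: The rewritten warning `# Docker undermines the fw3 rules.` still names only fw3, while the new paragraph above it is about fw4, so a reader on fw4 cannot tell whether the "all external source IPs are allowed" exposure applies to them as well. State the scope explicitly, for example `# This applies to published container ports regardless of the firewall zone rules.`, if that is the intended meaning. "Doesn't work well" would also help more if it said what fails (rules not applied, or containers without connectivity), since the two cases call for different checks after installation.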