From 43f6173cc6050cd07348d8e0532a27ec0f24a774 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Tue, 9 Jul 2024 17:16:54 +0200
Subject: [PATCH] CI: test nftables driver on fedora

Make sure this passes podman CI before we push out a default change.

ref: https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 contrib/cirrus/setup_environment.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index eaaf22a3d7..d8e763e928 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -147,6 +147,11 @@ case "$OS_RELEASE_ID" in
             msg "Enabling container_manage_cgroup"
             showrun setsebool container_manage_cgroup true
         fi
+
+        # Test nftables driver, https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault
+        # We can drop this once this implemented and pushed into fedora stable. We cannot test it on
+        # debian because the netavark version there is way to old for nftables support.
+        printf "[network]\nfirewall_driver=\"nftables\"\n" > /etc/containers/containers.conf.d/90-nftables.conf
         ;;
     *) die_unknown OS_RELEASE_ID
 esac