packages/nixos: temporarily use 6.11 kernel for peer pods

There is a breaking change in Linux 6.12 which prohibits `SO_REUSEPORT` on non `AF_INET*` sockets. To cope with this, we temporarily default to a 6.11 kernel on peer-pods pod VMs until the fix has landed.
edgelesssys · Jan 17, 2025 · dde6a33 · dde6a33
1 parent 7c3f24a
commit dde6a33
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/packages/nixos/azure.nix b/packages/nixos/azure.nix
@@ -55,8 +55,14 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    # Temporarily not use a latest kernel.
+    # This is because of this change in the Linux kernel:
+    # https://github.com/containerd/ttrpc-rust/blob/0610015a92c340c6d88f81c0d6f9f449dfd0ecba/src/common.rs#L175
+    # which breaks the ttRPC socket that the Kata agent creates.
+    # Upstream fix: https://github.com/containerd/ttrpc-rust/pull/280
+    # TODO(msanft): Go back to a latest kernel once ttrpc-rust / kata adopt the fix.
     # TODO(burgerdev): find a recent kernel tailored for Azure.
-    boot.kernelPackages = pkgs.linuxPackages_latest;
+    boot.kernelPackages = pkgs.linuxPackages_6_11;
 
     boot.initrd = {
       kernelModules = [