From f16f5d6d269e9a88d3913f6764f35944e5b3fc0e Mon Sep 17 00:00:00 2001 From: Russell Bryant Date: Wed, 13 May 2026 15:20:57 -0400 Subject: [PATCH] fix(vm): enable NFT_LOG kernel module for nftables bypass detection The nftables log statement requires CONFIG_NFT_LOG, which was not included in the VM guest kernel config. Without it, nft rejects rules containing the log keyword with "No such file or directory". --- crates/openshell-driver-vm/runtime/kernel/openshell.kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/crates/openshell-driver-vm/runtime/kernel/openshell.kconfig b/crates/openshell-driver-vm/runtime/kernel/openshell.kconfig index b5f0330af..210c6d503 100644 --- a/crates/openshell-driver-vm/runtime/kernel/openshell.kconfig +++ b/crates/openshell-driver-vm/runtime/kernel/openshell.kconfig @@ -79,6 +79,7 @@ CONFIG_NFT_NUMGEN=y CONFIG_NFT_FIB_IPV4=y CONFIG_NFT_FIB_IPV6=y CONFIG_NFT_LIMIT=y +CONFIG_NFT_LOG=y CONFIG_NFT_REDIR=y CONFIG_NFT_TPROXY=y
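Review bot: on the added `CONFIG_NFT_LOG=y` line, the hunk context (`CONFIG_NFT_LIMIT=y`, `CONFIG_NFT_REDIR=y`, `CONFIG_NFT_TPROXY=y`) shows no netfilter log backend, and the log expression needs one registered to load and to emit anything. Please confirm that a backend such as `CONFIG_NF_LOG_SYSLOG` (on recent kernels) is already set elsewhere in openshell.kconfig. If it is not, a rule with the log keyword can still fail with the same "No such file or directory" error, and the bypass detection would still record nothing. A guest smoke test that loads one rule containing `log` would catch this class of missing option before it reaches users. Minor: the subject says "kernel module", but `=y` builds the code into the kernel rather than as a loadable module, so the wording could be "kernel option".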