Issue log: iptables (legacy): Couldn't load match `comment':No such file or directory\n\nTry `

Published: 2023-12-09 16:13:41 Author: 半山随笔

I ran into the following issue when starting a container with nerdctl:

FATA[0001] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-12-09T07:11:23Z" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): running [/usr/sbin/iptables -t nat -C CNI-d7e24bea2c46f10376f3b8de -d 10.4.0.8/24 -j ACCEPT -m comment --comment name: \"bridge\" id: \"default-36dd60dc48c5adc4b38ab7ae295aca5f75e91f84dd2f030ffd865627a48000ab\" --wait]: exit status 2: iptables v1.8.4 (legacy): Couldn't load match `comment':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\n"

After confirming that CNI was installed correctly, I found that the xt_comment kernel module was missing. Running modprobe xt_comment solved the problem.
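
A quick way to confirm the diagnosis above, as an added example that is not part of the original post: the script pulls the match name out of the iptables error and reports whether the corresponding module is loaded, built into the kernel, or missing. The function names, the xt_<match> naming convention, and the /etc/modules-load.d persistence hint (systemd-based distributions) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the match name from an iptables "Couldn't load match" error.
match_from_error() {
    printf '%s\n' "$1" |
        sed -n "s/.*Couldn't load match \`\([A-Za-z0-9_]*\)'.*/\1/p" | head -n 1
}

# Print loaded | builtin | missing for a module. The two file arguments
# default to the live system and can be overridden for offline checks.
module_state() {
    mod=$1
    proc_modules=${2:-/proc/modules}
    builtin_list=${3:-/lib/modules/$(uname -r)/modules.builtin}
    if [ -r "$proc_modules" ] && grep -q "^${mod} " "$proc_modules"; then
        echo loaded
    elif [ -r "$builtin_list" ] && grep -q "/${mod}\.ko" "$builtin_list"; then
        echo builtin
    else
        echo missing
    fi
}

# Map the error to a module (assumption: xt_<match> naming) and report.
report() {
    name=$(match_from_error "$1")
    [ -n "$name" ] || { echo "no \"Couldn't load match\" error found"; return 1; }
    state=$(module_state "xt_${name}")
    echo "match=$name module=xt_${name} state=$state"
    if [ "$state" = missing ]; then
        echo "load now: modprobe xt_${name}"
        # Assumption: systemd-based distro that reads /etc/modules-load.d.
        echo "persist:  echo xt_${name} > /etc/modules-load.d/xt_${name}.conf"
    fi
}

# Excerpt of the error shown above.
SAMPLE_ERR="iptables v1.8.4 (legacy): Couldn't load match \`comment':No such file or directory"
report "$SAMPLE_ERR"
```

The script only prints the suggested commands; loading the module and writing the persistence file both require root.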