While looking into podman c/r tests failures on CentOS Stream 9, I saw this:

1. [18:34:40.955891847] # podman  container checkpoint f7083b2ea1869dcbb97239b0c9fb4d02d270fddec13701c04a30a8305390c43c
2. [18:34:41.043687221] 144-(00.026346) Add mnt ns 13 pid 32790
3. 145-(00.026364) Will take cgroup namespace in the image
4. 146-(00.026366) Add cgroup ns 14 pid 32790
5. 147-(00.026439) net: Lock network
6. 148-(00.026442) Running network-lock scripts
7. 149:Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory
8. 150:(00.027125) Error (criu/util.c:642): exited, status=1
9. 151:Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory
10. 152:(00.027775) Error (criu/util.c:642): exited, status=1
11. 153:(00.027788) Error (criu/net.c:3124): net: Locking network failed: iptables-restore returned -1. This may be connected to disabled CONFIG_NETFILTER_XT_MARK kernel build config option.
12. 154-(00.027806) net: Unlock network
13. 155-(00.027809) Running network-unlock scripts
14. 156:Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory
15. 157:(00.028459) Error (criu/util.c:642): exited, status=1
16. 158:Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory
17. 159:(00.030103) Error (criu/util.c:642): exited, status=1
18. 160-(00.030126) Unfreezing tasks into 1
19. 161-(00.030130)     Unseizing 32790 into 1
20. 162-(00.030141)     Unseizing 32830 into 1
21. 163:(00.030158) Error (criu/cr-dump.c:2098): Dumping FAILED.
22. CRIU checkpointing failed -52.  Please check CRIU logfile /var/lib/containers/storage/overlay-containers/f7083b2ea1869dcbb97239b0c9fb4d02d270fddec13701c04a30a8305390c43c/userdata/dump.log: Invalid exchange
23. Error: `/usr/bin/crun checkpoint --image-path /var/lib/containers/storage/overlay-containers/f7083b2ea1869dcbb97239b0c9fb4d02d270fddec13701c04a30a8305390c43c/userdata/checkpoint --work-path /var/lib/containers/storage/overlay-containers/f7083b2ea1869dcbb97239b0c9fb4d02d270fddec13701c04a30a8305390c43c/userdata f7083b2ea1869dcbb97239b0c9fb4d02d270fddec13701c04a30a8305390c43c` failed: exit status 1
24. [18:34:41.046892601] [ rc=125 (** EXPECTED 0 **) ]}}

Apparently, iptables-legacy package is required but not installed. I expected it to be installed automatically as a dependency of criu.

For more details, see https://github.com/containers/crun/pull/2030