networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.

1 files changed, 4 insertions, 9 deletions

diff --git a/Makefile.am b/Makefile.am
index d2f2880c28..b14a6c3392 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4253,15 +4253,13 @@ systemd_networkd_SOURCES = \
 
 systemd_networkd_LDADD = \
 	libsystemd-networkd-core.la \
-	libsystemd-capability.la \
-	$(KMOD_LIBS)
+	libsystemd-capability.la
 
 noinst_LTLIBRARIES += \
 	libsystemd-networkd-core.la
 
 libsystemd_networkd_core_la_CFLAGS = \
-	$(AM_CFLAGS) \
-	$(KMOD_CFLAGS)
+	$(AM_CFLAGS)
 
 libsystemd_networkd_core_la_SOURCES = \
 	src/libsystemd-network/network-internal.h \
@@ -4290,8 +4288,7 @@ rootlibexec_PROGRAMS += \
 	systemd-networkd-wait-online
 
 systemd_networkd_wait_online_CFLAGS = \
-	$(AM_CFLAGS) \
-	$(KMOD_CFLAGS)
+	$(AM_CFLAGS)
 
 systemd_networkd_wait_online_SOURCES = \
 	src/libsystemd-network/network-internal.h \
@@ -4308,12 +4305,10 @@ test_network_SOURCES = \
 	src/network/test-network.c
 
 test_network_CFLAGS = \
-	$(AM_CFLAGS) \
-	$(KMOD_CFLAGS)
+	$(AM_CFLAGS)
 
 test_network_LDADD = \
 	libsystemd-networkd-core.la
-	$(KMOD_LIBS)
 
 tests += \
 	test-network