networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.

1 files changed, 0 insertions, 3 deletions

diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index c08cddd799..2aeecf0ce2 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -24,7 +24,6 @@
 #include <netinet/ether.h>
 #include <netinet/in.h>
 #include <stdbool.h>
-#include <libkmod.h>
 
 #include "udev.h"
 #include "condition-util.h"
@@ -67,8 +66,6 @@ int net_parse_inaddr(const char *address, unsigned char *family, void *dst);
 
 int net_get_unique_predictable_data(struct udev_device *device, uint8_t result[8]);
 
-int load_module(struct kmod_ctx *ctx, const char *mod_name);
-
 void serialize_in_addrs(FILE *f, const char *key, struct in_addr *addresses, size_t size);
 int deserialize_in_addrs(struct in_addr **addresses, size_t *size, const char *string);
 int deserialize_in6_addrs(struct in6_addr **addresses, size_t *size, const char *string);