networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.

1 files changed, 0 insertions, 6 deletions

diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
index c4a325de42..4b35ea0d29 100644
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@@ -21,7 +21,6 @@
 
 #include <sys/socket.h>
 #include <linux/if.h>
-#include <libkmod.h>
 
 #include "conf-parser.h"
 #include "path-util.h"
@@ -120,10 +119,6 @@ int manager_new(Manager **ret) {
                         return -ENOMEM;
         }
 
-        m->kmod_ctx = kmod_new(NULL, NULL);
-        if (!m->kmod_ctx)
-                return -ENOMEM;
-
         m->links = hashmap_new(uint64_hash_func, uint64_compare_func);
         if (!m->links)
                 return -ENOMEM;
@@ -150,7 +145,6 @@ void manager_free(Manager *m) {
 
         free(m->state_file);
 
-        kmod_unref(m->kmod_ctx);
         udev_monitor_unref(m->udev_monitor);
         udev_unref(m->udev);
         sd_bus_unref(m->bus);