diff options
| author | Tom Gundersen <teg@jklm.no> | 2014-06-02 21:50:50 +0200 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2014-06-03 00:40:23 +0200 |
| commit | bddfc8afd329ac68a23f66a3512d4e249af25191 (patch) | |
| tree | ebd7a09270848e57e4664cd664e17e81e8cf9135 /src/network/networkd-tunnel.c | |
| parent | a613382bbf4357ce13f17c988713b80172e091fb (diff) | |
networkd: drop CAP_SYS_MODULE
Rely on modules being built-in or autoloaded on-demand.
As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.
Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.
Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.
This sholud fix the various build issues people have reported.
Diffstat (limited to 'src/network/networkd-tunnel.c')
| -rw-r--r-- | src/network/networkd-tunnel.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/src/network/networkd-tunnel.c b/src/network/networkd-tunnel.c index e3ceb8b52b..60b16ba849 100644 --- a/src/network/networkd-tunnel.c +++ b/src/network/networkd-tunnel.c @@ -24,7 +24,6 @@ #include <net/if.h> #include <linux/ip.h> #include <linux/if_tunnel.h> -#include <libkmod.h> #include "sd-rtnl.h" #include "networkd.h" @@ -443,27 +442,6 @@ int netdev_create_tunnel(Link *link, sd_rtnl_message_handler_t callback) { assert(netdev->ifname); assert(netdev->manager); assert(netdev->manager->rtnl); - assert(netdev->manager->kmod_ctx); - - /* Load kernel module first */ - switch(netdev->kind) { - case NETDEV_KIND_IPIP: - case NETDEV_KIND_GRE: - case NETDEV_KIND_SIT: - r = load_module(netdev->manager->kmod_ctx, - netdev_kind_to_string(netdev->kind)); - if (r < 0) { - log_error_netdev(netdev, - "Could not load Kernel module: %s . Ignoring", - netdev_kind_to_string(netdev->kind)); - return r; - } - break; - case NETDEV_KIND_VTI: - break; - default: - return -ENOTSUP; - } r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0); if (r < 0) { |