From bddfc8afd329ac68a23f66a3512d4e249af25191 Mon Sep 17 00:00:00 2001
From: Tom Gundersen
Date: Mon, 2 Jun 2014 21:50:50 +0200
Subject: networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand. As networkd is a network facing service, we want to limits its capabilities, as much as possible. Also, we may not have CAP_SYS_MODULE in a container, and we want networkd to work the same there. Module autoloading does not always work, but should be fixed by the kernel patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which is currently in net-next and which people may consider backporting if they want tunneling support without compiling in the modules. Early adopters may also use a module-load.d snippet and order systemd-modules-load.service before networkd to force the module loading of tunneling modules. This sholud fix the various build issues people have reported.
---
 src/libsystemd-network/network-internal.c | 35 -------------------------------
 1 file changed, 35 deletions(-)
(limited to 'src/libsystemd-network/network-internal.c')
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 261603f841..e9146d0e54 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -327,41 +327,6 @@ int net_parse_inaddr(const char *address, unsigned char *family, void *dst) {
 return 0;
 }
 
-int load_module(struct kmod_ctx *ctx, const char *mod_name) {
- struct kmod_list *modlist = NULL, *l;
- int r;
-
- assert(ctx);
- assert(mod_name);
-
- r = kmod_module_new_from_lookup(ctx, mod_name, &modlist);
- if (r < 0)
- return r;
-
- if (!modlist) {
- log_error("Failed to find module '%s'", mod_name);
- return -ENOENT;
- }
-
- kmod_list_foreach(l, modlist) {
- struct kmod_module *mod = kmod_module_get_module(l);
-
- r = kmod_module_probe_insert_module(mod, 0, NULL, NULL, NULL, NULL);
- if (r == 0)
- log_info("Inserted module '%s'", kmod_module_get_name(mod));
- else {
- log_error("Failed to insert '%s': %s", kmod_module_get_name(mod),
- strerror(-r));
- }
-
- kmod_module_unref(mod);
- }
-
- kmod_module_unref_list(modlist);
-
- return r;
-}
-
 void serialize_in_addrs(FILE *f, const char *key, struct in_addr *addresses, size_t size) {
 unsigned i;
 
-- cgit v1.2.3-54-g00ecf