From bddfc8afd329ac68a23f66a3512d4e249af25191 Mon Sep 17 00:00:00 2001
From: Tom Gundersen
Date: Mon, 2 Jun 2014 21:50:50 +0200
Subject: networkd: drop CAP_SYS_MODULE Rely on modules being built-in or autoloaded on-demand. As networkd is a network facing service, we want to limits its capabilities, as much as possible. Also, we may not have CAP_SYS_MODULE in a container, and we want networkd to work the same there. Module autoloading does not always work, but should be fixed by the kernel patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which is currently in net-next and which people may consider backporting if they want tunneling support without compiling in the modules. Early adopters may also use a module-load.d snippet and order systemd-modules-load.service before networkd to force the module loading of tunneling modules. This sholud fix the various build issues people have reported.
---
 src/network/networkd-tunnel.c | 22 ----------------------
 1 file changed, 22 deletions(-)
(limited to 'src/network/networkd-tunnel.c')
diff --git a/src/network/networkd-tunnel.c b/src/network/networkd-tunnel.c
index e3ceb8b52b..60b16ba849 100644
--- a/src/network/networkd-tunnel.c
+++ b/src/network/networkd-tunnel.c
@@ -24,7 +24,6 @@
 #include
 #include
 #include
-#include
 #include "sd-rtnl.h"
 #include "networkd.h"
@@ -443,27 +442,6 @@ int netdev_create_tunnel(Link *link, sd_rtnl_message_handler_t callback) {
 assert(netdev->ifname);
 assert(netdev->manager);
 assert(netdev->manager->rtnl);
- assert(netdev->manager->kmod_ctx);
-
- /* Load kernel module first */
- switch(netdev->kind) {
- case NETDEV_KIND_IPIP:
- case NETDEV_KIND_GRE:
- case NETDEV_KIND_SIT:
- r = load_module(netdev->manager->kmod_ctx,
- netdev_kind_to_string(netdev->kind));
- if (r < 0) {
- log_error_netdev(netdev,
- "Could not load Kernel module: %s . Ignoring",
- netdev_kind_to_string(netdev->kind));
- return r;
- }
- break;
- case NETDEV_KIND_VTI:
- break;
- default:
- return -ENOTSUP;
- }
 r = sd_rtnl_message_new_link(netdev->manager->rtnl, &m, RTM_NEWLINK, 0);
 if (r < 0) {
-- cgit v1.2.3-54-g00ecf