chiark - git - ianmdlvl - elogind.git/commit

author	Tom Gundersen <teg@jklm.no>
	Mon, 2 Jun 2014 19:50:50 +0000 (21:50 +0200)
committer	Tom Gundersen <teg@jklm.no>
	Mon, 2 Jun 2014 22:40:23 +0000 (00:40 +0200)
commit	bddfc8afd329ac68a23f66a3512d4e249af25191
tree	ebd7a09270848e57e4664cd664e17e81e8cf9135	tree \| snapshot
parent	a613382bbf4357ce13f17c988713b80172e091fb	commit \| diff

networkd: drop CAP_SYS_MODULE

Rely on modules being built-in or autoloaded on-demand.

As networkd is a network facing service, we want to limits its capabilities,
as much as possible. Also, we may not have CAP_SYS_MODULE in a container,
and we want networkd to work the same there.

Module autoloading does not always work, but should be fixed by the kernel
patch f98f89a0104454f35a: 'net: tunnels - enable module autoloading', which
is currently in net-next and which people may consider backporting if they
want tunneling support without compiling in the modules.

Early adopters may also use a module-load.d snippet and order
systemd-modules-load.service before networkd to force the module
loading of tunneling modules.

This sholud fix the various build issues people have reported.

Makefile.am		diff \| blob \| history
src/libsystemd-network/network-internal.c		diff \| blob \| history
src/libsystemd-network/network-internal.h		diff \| blob \| history
src/network/networkd-manager.c		diff \| blob \| history
src/network/networkd-tunnel.c		diff \| blob \| history
src/network/networkd.c		diff \| blob \| history
src/network/networkd.h		diff \| blob \| history
units/systemd-networkd.service.in		diff \| blob \| history