On Wed, 22.04.15 14:22, Michael Biebl (mbi...@gmail.com) wrote:

> 2015-04-22 14:14 GMT+02:00 Lennart Poettering <lenn...@poettering.net>:
> > On Wed, 22.04.15 14:09, Michael Biebl (mbi...@gmail.com) wrote:
> >
> >> 2015-04-22 13:57 GMT+02:00 Lennart Poettering <lenn...@poettering.net>:
> >> >> Maybe we should simply list the iptables kernel modules in
> >> >> src/core/kmod-setup, and then tell people to blacklist them if they
> >> >> really don't want them.
> >> >
> >> > I have made such a change now:
> >> >
> >> > http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d3087978a8ee23107cb64aa55ca97aefe9531e2
> >>
> >> Not everyone is using networkd or nspawn though, so loading this
> >> module for everyone is a bit excessive.
> >
> > Well, then blacklist the module or don't build it at all.
>
> That's the wrong way around.

Nah, I disagree. We do this for a number of modules now. I mean, we
load tons of modules automatically, even if you don't use them. For
example, my laptop always loads the bluetooth modules, even though I
never used bluetooth. We always load more kmods than strictly
necessary, simply to ensure a good user experience, and so we should
do this in this case too. And the blacklist is a good answer to give
the user control, if he wants to opt out of some modules.

(Also note that this is a non-issue on distros like Fedora, where the
kmod is built-in anyway.)

>
> >> Why not let nspawn and networkd complain loudly if iptables support is
> >> missing?
> >> This would also be better in case you have a kernel compiled without
> >> iptables support.
> >
> > For the same reason that iptables doesn't complain loudly but loads
> > it. To be user-friendly and just make things work?
>
> iptables loads it on-demand. If nspawn or networkd would load it
> on-demand, I would have no problem with it.

Well, I really don't want to give networkd the caps for that,
sorry. It's a network facing daemon, it should not be able to load
kernel modules.

Lennart

-- 
Lennart Poettering, Red Hat
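
Added example, not part of the original thread or of systemd's code: a check of whether a running daemon is able to load kernel modules, done by reading the capability masks in `/proc/<pid>/status` and testing for `CAP_SYS_MODULE` (capability number 16). The two status excerpts and their process names are constructed for illustration.

```python
import re
import sys

CAP_SYS_MODULE = 16  # capability number from linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
# 0x3c00 = CAP_NET_BIND_SERVICE | CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW
SAMPLE_RESTRICTED = (
    "Name:\tnetworkd-example\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000003c00\n"
    "CapEff:\t0000000000003c00\n"
    "CapBnd:\t0000000000003c00\n"
    "CapAmb:\t0000000000000000\n"
)
SAMPLE_FULL = (
    "Name:\troot-example\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\n"
    "CapBnd:\t0000003fffffffff\n"
    "CapAmb:\t0000000000000000\n"
)

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)

def parse_cap_sets(status_text):
    """Map each capability set name in a status file to its integer mask."""
    sets = {m.group(1): int(m.group(2), 16) for m in CAP_LINE.finditer(status_text)}
    if not sets:
        raise ValueError("no Cap* lines found; not a /proc/<pid>/status file?")
    return sets

def sets_with_cap(status_text, cap=CAP_SYS_MODULE):
    """Sorted names of the capability sets in which `cap` is present."""
    masks = parse_cap_sets(status_text)
    return sorted(name for name, mask in masks.items() if (mask >> cap) & 1)

if __name__ == "__main__":
    # Usage: script.py [PID]; without a PID the constructed samples are checked.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            inputs = {f"pid {sys.argv[1]}": fh.read()}
    else:
        inputs = {"restricted sample": SAMPLE_RESTRICTED, "full sample": SAMPLE_FULL}
    for label, text in inputs.items():
        found = sets_with_cap(text)
        print(f"{label}: CAP_SYS_MODULE in {found if found else 'no set'}")
```

A hit in `CapEff` or `CapPrm` means the process holds the capability now; a hit only in `CapBnd` means it is still within the ceiling of what the process could acquire.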