> > > 2015-04-22 14:14 GMT+02:00 Lennart Poettering <lennart at poettering.net>: > > > > > > Well, I really don't want to give networkd the caps for that, > > > sorry. It's a network facing daemon, it should not be able to load > > > kernel modules. > > > > But it is okay for networkd to manipulate the firewall directly. > > Yes, networkd configures the network. That's its raison d'etre.
Thanks for clearing that up. I alway's thought firewalls were a security thing, and that netfilter is mandatory access control framewark that should be, mostly, transparent to applications and services. -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
pgpbPvtZbgCoo.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel