> > > 2015-04-22 14:14 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> > >
> > > Well, I really don't want to give networkd the caps for that,
> > > sorry. It's a network facing daemon, it should not be able to load
> > > kernel modules.
> >
> > But it is okay for networkd to manipulate the firewall directly.
>
> Yes, networkd configures the network. That's its raison d'etre.

Thanks for clearing that up. I alway's thought firewalls were a security thing, 
and that netfilter is mandatory access control framewark that should be, 
mostly, transparent to applications and services.

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift

Attachment: pgpbPvtZbgCoo.pgp
Description: PGP signature

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to