[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks
Rusty Bird
rustybird at openmailbox.org
Fri Jun 6 05:53:01 PDT 2014
https://bugs.freedesktop.org/show_bug.cgi?id=79600
---
Makefile.am | 1 +
man/systemd.special.xml | 1 +
units/network-pre.target | 11 +++++++++++
units/network.target | 2 ++
units/systemd-networkd.service.in | 3 ++-
5 files changed, 17 insertions(+), 1 deletion(-)
create mode 100644 units/network-pre.target
diff --git a/Makefile.am b/Makefile.am
index a2a01d0..79adc34 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -413,6 +413,7 @@ dist_systemunit_DATA = \
units/remote-fs.target \
units/remote-fs-pre.target \
units/network.target \
+ units/network-pre.target \
units/network-online.target \
units/nss-lookup.target \
units/nss-user-lookup.target \
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 8ccccc2..7515cf8 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -71,6 +71,7 @@
<filename>local-fs-pre.target</filename>,
<filename>multi-user.target</filename>,
<filename>network.target</filename>,
+ <filename>network-pre.target</filename>,
<filename>network-online.target</filename>,
<filename>nss-lookup.target</filename>,
<filename>nss-user-lookup.target</filename>,
diff --git a/units/network-pre.target b/units/network-pre.target
new file mode 100644
index 0000000..0c4a0ca
--- /dev/null
+++ b/units/network-pre.target
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Network (Pre)
+Documentation=man:systemd.special(7)
+RefuseManualStart=yes
diff --git a/units/network.target b/units/network.target
index 65fc64b..6966035 100644
--- a/units/network.target
+++ b/units/network.target
@@ -9,3 +9,5 @@
Description=Network
Documentation=man:systemd.special(7)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
+Requires=network-pre.target
+After=network-pre.target
diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 373ac4e..8e4d213 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -9,8 +9,9 @@
Description=Network Service
Documentation=man:systemd-networkd.service(8)
DefaultDependencies=no
-After=dbus.service
+After=dbus.service network-pre.target
Before=network.target
+Requires=network-pre.target
Wants=network.target
ConditionCapability=CAP_NET_ADMIN
--
2.0.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140606/f960b0b1/attachment.sig>
More information about the systemd-devel
mailing list