[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks

Lennart Poettering lennart at poettering.net
Tue Jun 10 09:53:22 PDT 2014


On Fri, 06.06.14 12:53, Rusty Bird (rustybird at openmailbox.org) wrote:

Humm. I can't say I particularly like the idea, but I can't dismiss
this either, I figure we have to do something like this.

However, if we do this, then this needs to be a "passive" target, see
systemd.special(7), under "Special passive system units", and it should
be documented in that section. "Passive" means it is pulled in by the
units that implement a pre job, not by the units that implement the
networking stack. This way it doesn't get added to the initial
transaction unless there's actually some service that needs to be pulled
in. See the man page for further discussion on this.

Lennart

-- 
Lennart Poettering, Red Hat
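
The dependency layout described in the message above, as an added example that is not part of the original email or of the patch under review. The unit names and ExecStart= paths are hypothetical, and the target name network-pre.target is taken from the subject line.

```ini
# ---- example-firewall.service (hypothetical unit implementing the "pre" job) ----
[Unit]
Description=Load packet filter rules before any interface is configured
# The pre-job unit is the one that pulls the passive target into the
# transaction ...
Wants=network-pre.target
# ... and it must have finished before the target is reached.
Before=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
# Placeholder path for whatever loads the rule set.
ExecStart=/usr/local/sbin/example-load-firewall

[Install]
WantedBy=multi-user.target

# ---- example-netmgr.service (hypothetical unit implementing the network stack) ----
[Unit]
Description=Example network management daemon
# Ordering only. There is deliberately no Wants= or Requires= on
# network-pre.target here: if no pre-job unit is enabled, the target never
# enters the initial transaction and this line has no effect.
After=network-pre.target

[Service]
# Placeholder path for the daemon.
ExecStart=/usr/local/sbin/example-netmgr

[Install]
WantedBy=multi-user.target
```

On a running system, `systemctl list-dependencies --reverse network-pre.target` lists the units that pull the target in, which should be the pre-job units only.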

