[systemd-devel] [question] networkd: Any support for hooks?

Lennart Poettering lennart at poettering.net
Wed Nov 5 03:14:50 PST 2014


On Tue, 04.11.14 14:48, Dan Williams (dcbw at redhat.com) wrote:

> > > > Can you be more specific what precisely you intend to hook in there?
> > > > I'd really prefer if we could find different solutions for the common
> > > > usecases.
> > > 
> > >   Example: I'd like to add interface to proper firewalld "zone".
> > > Ideally it could be done by networkd itself (it's just one dbus call:
> > > addInterface(in  s zone, in  s interface, …) based on new Zone=string
> > > setting in .netdev file.
> > >   Hook can determine which zone interface should belong to and call
> > > firewall-cmd --zone=<zone> --add-interface=<interface>
> > 
> > If firewalld shall be dynamic then it really should listen to rtnl on
> > its own. It's the wrong way round, you don't want to call into
> > higher level software from lower level one. It's the higher level
> > software that should subscribe to changes from the lower level software.
> 
> firewalld can't get the information that WiFi network Starbucks should
> be locked down more than your home network.  How is it supposed to get
> that information just listening to rtnl or other kernel events?  The
> kernel doesn't care; the only source of that information is the
> connection manager.

Well, even if the connection manager keeps track of information for
that, it should be firewalld that queries it from the connection
manager, and not the connection manager calling out to firewalld.

It's really not clean design to have the lower layers of the stack
call out to the higher layers of the stack. It should be the higher
layers that subscribe to the lower layers.

Lennart

-- 
Lennart Poettering, Red Hat

