[systemd-devel] systemd-nspawn trouble

Lennart Poettering lennart at poettering.net
Wed Apr 22 05:14:30 PDT 2015


On Wed, 22.04.15 14:09, Michael Biebl (mbiebl at gmail.com) wrote:

> 2015-04-22 13:57 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> >> Maybe we should simply list the iptables kernel modules in
> >> src/core/kmod-setup, and then tell people to blacklist them if they
> >> really don't want them.
> >
> > I have made such a change now:
> >
> > http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d3087978a8ee23107cb64aa55ca97aefe9531e2
> 
> Not everyone is using networkd or nspawn though, so loading this
> module for everyone is a bit excessive.

Well, then blacklist the module or don't build it at all.

> Why non let nspawn and networkd complain loudly if iptables support is missing?
> This would also be better in case you have a kernel compiled withouth
> iptables support.

For the same reason that iptables doesn't complain loudly but loads
it. To be user-friendly and just make things work?

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list