[systemd-devel] systemd-nspawn trouble

Dominick Grift dac.override at gmail.com
Wed Apr 22 07:18:33 PDT 2015


> > > 2015-04-22 14:14 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> > >
> > > Well, I really don't want to give networkd the caps for that,
> > > sorry. It's a network facing daemon, it should not be able to load
> > > kernel modules.
> >
> > But it is okay for networkd to manipulate the firewall directly.
>
> Yes, networkd configures the network. That's its raison d'etre.

Thanks for clearing that up. I always thought firewalls were a security thing, and that netfilter is a mandatory access control framework that should be, mostly, transparent to applications and services.

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift