[systemd-devel] systemd-nspawn trouble
Michael Biebl
mbiebl at gmail.com
Sun May 17 08:30:09 PDT 2015
2015-05-15 22:16 GMT+02:00 Tom Gundersen <teg at jklm.no>:
> on-demand I agree with Lennart that it makes the most sense to simply
> unconditionally load the modules. If this is undesirable the solution
> should be to teach the kernel to auto-load the modules, not to expect
> the admin to figure out that explicit loading is required, IMHO.
And now we expect that the admin figures out how to disable loading of
the iptables module, which isn't anymore obvious.
What I was suggesting was, that the iptables modules should only be
loaded on demand, i.e. when the firewalling functionality is actually
used. Lennart did argue, that he didn't want to do that within
networkd, since he didn't want to grant networkd that capability to
load modules and therefor to load the module unconditionally in PID 1.
But moving the modules loading out of networkd doesn't mean, it has to
be done unconditonally, see how we did it for
udev/kmod-static-nodes.service
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
More information about the systemd-devel
mailing list