[systemd-devel] upower fails with PrivateNetwork=true

Lennart Poettering lennart at poettering.net
Sat Jul 7 14:46:07 UTC 2018


On Sat, 07.07.18 14:35, Michael Biebl (mbiebl at gmail.com) wrote:

> 2018-07-06 13:23 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> > Yes, Mantas is right, PrivateNetwork= disconnects the whole of
> > AF_NETLINK from the rest of the system, which means services that
> > require libudev device events can't use it.
> 
> Thank you Lennart and Mantas.
> I was indeed not aware that PrivateNetwork=true has that effect wrt AF_NETLINK.
> Thanks for the explanation, this makes it perfectly clear now.
> It's indeed a pitfall one has to keep in mind when using PrivateNetwork=
> 
> Tbh, I find it a bit confusing that we have three mechanisms now
> (PrivateNetwork, RestrictAddressFamilies, IPAddressDeny) and when one
> is supposed to use which one of these.

I'd just use all of them wherever possible. They do different things,
and while they might conceptually overlap in parts they also don't
overlap in many others.

PrivateNetwork= doesn't work if you need device enumeration.

IPAddressDeny= only does IP, but does allow restriction per IP address
range.

Lennart

-- 
Lennart Poettering, Red Hat
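
The combination described in the reply above, written out as an added example; it is not part of the original message and not the upower project's own unit file. It is a constructed drop-in for a service that needs libudev device events; the drop-in path, the unit name and the sample address range are assumptions.

```ini
# Constructed drop-in, e.g. /etc/systemd/system/example.service.d/hardening.conf
# (path and unit name are assumptions for illustration).

[Service]
# Setting that breaks a udev-dependent service: the private network
# namespace disconnects AF_NETLINK from the rest of the system, so
# libudev device events never reach the process.
#PrivateNetwork=true

# Stay in the host network namespace so device events keep arriving.
PrivateNetwork=false

# Allow-list of socket families the service may create.
# AF_UNIX covers local IPC, AF_NETLINK covers udev events.
# AF_INET and AF_INET6 sockets can no longer be created at all.
RestrictAddressFamilies=AF_UNIX AF_NETLINK

# IP-only filter on the unit's traffic. Redundant with the line above
# for this service, kept as a second layer.
IPAddressDeny=any

# A service that does need some IP connectivity would keep AF_INET in
# RestrictAddressFamilies= and narrow by range instead, for example:
#IPAddressAllow=192.0.2.0/24
# (192.0.2.0/24 is a documentation range used here as a constructed value.)
```

After `systemctl daemon-reload` and a restart of the unit, `systemd-analyze security example.service` shows which of these settings are in effect.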
