upower fails with PrivateNetwork=true

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sa, 07.07.18 14:35, Michael Biebl (mbiebl at gmail.com) wrote:

> 2018-07-06 13:23 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> > Yes, Mantas is right, PrivateNetwork= disconnects the whole of
> > AF_NETLINK from the rest of the system, which means services that
> > require libudev device events can't use it.
> 
> Thank you Lennart and Mantas.
> I was indeed not aware that PrivateNetwork=true has that effect wrt AF_NETLINK.
> Thanks for the explanation, this makes it perfectly clear now.
> It's indeed a pitfall one has to keep in mind when using PrivateNetwork=
> 
> Tbh, I find it a bit confusing that we have three mechanisms now
> (PrivateNetwork, RestrictAddressFamilies, IPAddressDeny) and when one
> is supposed to use which one of these.

I'd just use all of them wherever possible. They do different things,
and while they might conceptually overlap in parts they also don't
overlap in many others.

PrivateNetwork= doesn't work if you need device enumeration.

IPAddressDeny= only does IP, but does allow restriction per IP address
range.

Lennart

-- 
Lennart Poettering, Red Hat
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux