Roy Marples wrote:
>> Anyway, what we really need is ability to turn off that coldplug thing
>> *completely* on *udev* level and restore some sanity. I really don't
>> need to have my TV card coldplugged at the point when /dev is being
>> populated by devices (e.g., Bug 130766 or Bug 128962).
>
> Not going to help 128962 as the firewire module is already loaded and has
> taken eth0 ....
Well, it should not be loaded first of all... Hence why I want to have
an ability to turn off the coldplug thing *completely* on udev level. I
don't have any use for such automagic stuff, it just complicates things
instead of making them easier. Blacklisting every single module that
gets coldplugged for whatever weird reason is not a sane way to work
around a problem that doesn't need to exist in the first place. Also,
it's not really clear what determines whether something gets coldplugged
or not. As said, the devices range from TV cards over NICs to USB
sticks... Uh. :/
>> Also I'd like to note that coldplugging network devices in such way may
>> be a security risk as well, as firewall gets started much later than net
>> gets started. There's Bug 119613 about this. There was also Bug 78495
>> about this, got solved on hotplug level, but the latest udev versions
>> moved the problem to coldplug level instead (even worse IMHO).
>
> Add your firewall script to the boot runlevel and depend like so
>
> depend() {
> before net
> }
>
> Solved!
>
iptables already has "before net", doesn't exactly help. Well, I don't
need net on boot level first of all and I didn't set it to be launched
at that runlevel. The runlevel setting gets ignored, however.
> hotplug_$iface was a fudge, a very bad idea that has been removed baselayout.
> If baselayout is to have any hotplug/coldplug control it should be on a
> service level and not just a network level.
Well yeah, as noted above, we are just probably solving the thing in a
wrong place to work around udev problem.
--
jakub
