core: allow interface altnames in RestrictNetworkInterfaces=

author networkException <git@nwex.de>

Fri, 15 Dec 2023 02:22:52 +0000 (03:22 +0100)

committer Lennart Poettering <lennart@poettering.net>

Mon, 18 Dec 2023 14:12:10 +0000 (15:12 +0100)
author networkException <git@nwex.de>
Fri, 15 Dec 2023 02:22:52 +0000 (03:22 +0100)
committer Lennart Poettering <lennart@poettering.net>
Mon, 18 Dec 2023 14:12:10 +0000 (15:12 +0100)
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c

index 4237e694c01223bba2dffbe7c50218bf51746647..4c0b3ddf9c27972efcc9430652891053fc901a17 100644 (file)
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -2188,7 +2188,7 @@ int bus_cgroup_set_property(
                                  c->restrict_network_interfaces_is_allow_list = is_allow_list;
  
                          STRV_FOREACH(s, l) {
-                                if (!ifname_valid(*s)) {
+                                if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
                                          log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
                                          continue;
                                  }
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c

index 05843662c75f0e6ec57b4c24c490b6b8e003eafb..b424ef06207de53c8a9614662779568616afddf7 100644 (file)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -6096,7 +6096,7 @@ int config_parse_restrict_network_interfaces(
                          break;
                  }
  
-                if (!ifname_valid(word)) {
+                if (!ifname_valid_full(word, IFNAME_VALID_ALTERNATIVE)) {
                          log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
                          continue;
                  }
diff --git a/test/units/testsuite-62-6.service b/test/units/testsuite-62-6.service

new file mode 100644 (file)

index 0000000..876d8f3
--- /dev/null
+++ b/test/units/testsuite-62-6.service
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-62-RESTRICT-IFACES-altname
+[Service]
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
+ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
+RestrictNetworkInterfaces=veth0-altname-with-more-than-15-chars
+RestrictNetworkInterfaces=veth1-altname-with-more-than-15-chars
+Type=oneshot
diff --git a/test/units/testsuite-62.sh b/test/units/testsuite-62.sh

index ed408218fabf94b842fc38ab610a778a4b857d07..0dbedc4c868408e0343535eaf17f1c34b5c1c7e4 100755 (executable)
--- a/test/units/testsuite-62.sh
+++ b/test/units/testsuite-62.sh
@@ -17,6 +17,7 @@ setup() {
          ip -n "ns${i}" link set dev lo up
          ip -n "ns${i}" addr add "192.168.113."$((4*i+1))/30 dev "veth${i}_"
          ip link set dev "veth${i}" up
+        ip link property add dev "veth${i}" altname "veth${i}-altname-with-more-than-15-chars"
          ip addr add "192.168.113."$((4*i+2))/30 dev "veth${i}"
      done
  }
author	networkException <git@nwex.de>
	Fri, 15 Dec 2023 02:22:52 +0000 (03:22 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 18 Dec 2023 14:12:10 +0000 (15:12 +0100)
src/core/dbus-cgroup.c		patch \| blob \| blame \| history
src/core/load-fragment.c		patch \| blob \| blame \| history
test/units/testsuite-62-6.service	[new file with mode: 0644]	patch \| blob
test/units/testsuite-62.sh		patch \| blob \| blame \| history