From: networkException <git@nwex.de>
Date: Fri, 15 Dec 2023 02:22:52 +0000 (+0100)
Subject: core: allow interface altnames in RestrictNetworkInterfaces=
X-Git-Tag: v256-rc1~1472
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e0db87e4c22209be8cf01dd7536d32145bd3869;p=thirdparty%2Fsystemd.git

core: allow interface altnames in RestrictNetworkInterfaces=

This patch enables IFNAME_VALID_ALTERNATIVE for checks guarding the
parsing of RestrictNetworkInterfaces=.

The underlying implementation for this option already supports
altnames.
---

diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 4237e694c01..4c0b3ddf9c2 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -2188,7 +2188,7 @@ int bus_cgroup_set_property(
                                 c->restrict_network_interfaces_is_allow_list = is_allow_list;
 
                         STRV_FOREACH(s, l) {
-                                if (!ifname_valid(*s)) {
+                                if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
                                         log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
                                         continue;
                                 }
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 05843662c75..b424ef06207 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -6096,7 +6096,7 @@ int config_parse_restrict_network_interfaces(
                         break;
                 }
 
-                if (!ifname_valid(word)) {
+                if (!ifname_valid_full(word, IFNAME_VALID_ALTERNATIVE)) {
                         log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
                         continue;
                 }
diff --git a/test/units/testsuite-62-6.service b/test/units/testsuite-62-6.service
new file mode 100644
index 00000000000..876d8f36e77
--- /dev/null
+++ b/test/units/testsuite-62-6.service
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-62-RESTRICT-IFACES-altname
+[Service]
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
+ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
+RestrictNetworkInterfaces=veth0-altname-with-more-than-15-chars
+RestrictNetworkInterfaces=veth1-altname-with-more-than-15-chars
+Type=oneshot
diff --git a/test/units/testsuite-62.sh b/test/units/testsuite-62.sh
index ed408218fab..0dbedc4c868 100755
--- a/test/units/testsuite-62.sh
+++ b/test/units/testsuite-62.sh
@@ -17,6 +17,7 @@ setup() {
         ip -n "ns${i}" link set dev lo up
         ip -n "ns${i}" addr add "192.168.113."$((4*i+1))/30 dev "veth${i}_"
         ip link set dev "veth${i}" up
+        ip link property add dev "veth${i}" altname "veth${i}-altname-with-more-than-15-chars"
         ip addr add "192.168.113."$((4*i+2))/30 dev "veth${i}"
     done
 }