From 4e0db87e4c22209be8cf01dd7536d32145bd3869 Mon Sep 17 00:00:00 2001
From: networkException
Date: Fri, 15 Dec 2023 03:22:52 +0100
Subject: [PATCH] core: allow interface altnames in RestrictNetworkInterfaces=

This patch enables IFNAME_VALID_ALTERNATIVE for checks guarding the parsing of RestrictNetworkInterfaces=. The underlying implementation for this option already supports altnames.
---
 src/core/dbus-cgroup.c | 2 +-
 src/core/load-fragment.c | 2 +-
 test/units/testsuite-62-6.service | 10 ++++++++++
 test/units/testsuite-62.sh | 1 +
 4 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 test/units/testsuite-62-6.service
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 4237e694c01..4c0b3ddf9c2 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -2188,7 +2188,7 @@ int bus_cgroup_set_property(
 c->restrict_network_interfaces_is_allow_list = is_allow_list;
 STRV_FOREACH(s, l) {
- if (!ifname_valid(*s)) {
+ if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
 log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
 continue;
 }
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 05843662c75..b424ef06207 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -6096,7 +6096,7 @@ int config_parse_restrict_network_interfaces(
 break;
 }
- if (!ifname_valid(word)) {
+ if (!ifname_valid_full(word, IFNAME_VALID_ALTERNATIVE)) {
 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
 continue;
 }
diff --git a/test/units/testsuite-62-6.service b/test/units/testsuite-62-6.service
new file mode 100644
index 00000000000..876d8f36e77
--- /dev/null
+++ b/test/units/testsuite-62-6.service
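Review bot: The widened check `if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE))` in the STRV_FOREACH loop has no comment recording why alternative names are safe to accept for this sandboxing option, and the identical check in config_parse_restrict_network_interfaces() in src/core/load-fragment.c has the same gap. The commit message says the code that applies the restriction already resolves altnames; that invariant is what keeps the validator from admitting names the enforcement side cannot match, so I would state it next to both checks, e.g. `/* Accept altnames here: the code enforcing RestrictNetworkInterfaces= resolves them as well. */`. The diffstat touches no man page, so the accepted name forms also look undocumented for users; a sentence there would help if that is the case. Both functions start and end outside their hunks.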
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-62-RESTRICT-IFACES-altname
+[Service]
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
+ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
+RestrictNetworkInterfaces=veth0-altname-with-more-than-15-chars
+RestrictNetworkInterfaces=veth1-altname-with-more-than-15-chars
+Type=oneshot
diff --git a/test/units/testsuite-62.sh b/test/units/testsuite-62.sh
index ed408218fab..0dbedc4c868 100755
--- a/test/units/testsuite-62.sh
+++ b/test/units/testsuite-62.sh
@@ -17,6 +17,7 @@ setup() {
 ip -n "ns${i}" link set dev lo up
 ip -n "ns${i}" addr add "192.168.113."$((4*i+1))/30 dev "veth${i}_"
 ip link set dev "veth${i}" up
+ ip link property add dev "veth${i}" altname "veth${i}-altname-with-more-than-15-chars"
 ip addr add "192.168.113."$((4*i+2))/30 dev "veth${i}"
 done
 }
-- 
2.47.3
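Review bot: This unit exercises altnames only in the allow-list form, so the inverted (deny-list) form of RestrictNetworkInterfaces= has no altname coverage. That is the direction in which a name that is rejected by validation or fails to resolve would leave an interface reachable instead of blocked, so it is the more security-relevant one to pin. I would add a sibling unit using `RestrictNetworkInterfaces=~veth0-altname-with-more-than-15-chars` with the expectations inverted (`! ping` for 192.168.113.1, plain `ping` for the other two addresses), assuming the suite's existing deny-list unit for plain names follows that pattern.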
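Review bot: The added `ip link property add dev "veth${i}" altname ...` call runs unconditionally inside the setup() loop, so a host whose kernel or iproute2 lacks alternative-name support would fail setup for the whole suite, including the units that only use plain names; this assumes the script aborts on a failing command, which is not visible in this hunk. A one-time probe that records whether altnames are available, with only the altname unit skipped when they are not, would keep the rest of the sandboxing coverage running. A short comment such as `# altname is longer than 15 chars so it cannot be mistaken for a regular interface name` above the new line would also explain the odd name. setup() and its loop begin outside the hunk.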