core: allow interface altnames in RestrictNetworkInterfaces=

This patch enables IFNAME_VALID_ALTERNATIVE for checks guarding the parsing of RestrictNetworkInterfaces=. The underlying implementation for this option already supports altnames.
2026-04-14 08:25:20 +09:00 · 2023-12-15 03:22:52 +01:00
parent a19e7f3101
commit 4e0db87e4c
4 changed files with 13 additions and 2 deletions
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -2188,7 +2188,7 @@ int bus_cgroup_set_property(
                                c->restrict_network_interfaces_is_allow_list = is_allow_list;

                        STRV_FOREACH(s, l) {
-                                if (!ifname_valid(*s)) {
+                                if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
                                        log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
                                        continue;
                                }
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -6096,7 +6096,7 @@ int config_parse_restrict_network_interfaces(
                        break;
                }

-                if (!ifname_valid(word)) {
+                if (!ifname_valid_full(word, IFNAME_VALID_ALTERNATIVE)) {
                        log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
                        continue;
                }
--- a/test/units/testsuite-62-6.service
+++ b/test/units/testsuite-62-6.service
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-62-RESTRICT-IFACES-altname
+[Service]
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.1'
+ExecStart=/bin/sh -c 'ping -c 1 -W 0.2 192.168.113.5'
+ExecStart=/bin/sh -c '! ping -c 1 -W 0.2 192.168.113.9'
+RestrictNetworkInterfaces=veth0-altname-with-more-than-15-chars
+RestrictNetworkInterfaces=veth1-altname-with-more-than-15-chars
+Type=oneshot
--- a/test/units/testsuite-62.sh
+++ b/test/units/testsuite-62.sh
@@ -17,6 +17,7 @@ setup() {
        ip -n "ns${i}" link set dev lo up
        ip -n "ns${i}" addr add "192.168.113."$((4*i+1))/30 dev "veth${i}_"
        ip link set dev "veth${i}" up
+        ip link property add dev "veth${i}" altname "veth${i}-altname-with-more-than-15-chars"
        ip addr add "192.168.113."$((4*i+2))/30 dev "veth${i}"
    done
 }