nspawn: check validity of the internal interface name only explicitly specified

Follow-up for 2f091b1b49. Fixes #28844.
2026-04-14 08:25:20 +09:00 · 2023-08-23 12:13:44 +09:00
parent 6d9829e724
commit 927e20fa49
2 changed files with 15 additions and 13 deletions
--- a/src/nspawn/nspawn-network.c
+++ b/src/nspawn/nspawn-network.c
@@ -774,20 +774,22 @@ static int network_iface_pair_parse(const char* iftype, char ***l, const char *p
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "%s, interface name not valid: %s", iftype, a);

-                if (isempty(interface)) {
-                        if (ifprefix)
-                                b = strjoin(ifprefix, a);
-                        else
-                                b = strdup(a);
-                } else
+                /* Here, we only check the validity of the specified second name. If it is not specified,
+                 * the copied or prefixed name should be already valid, except for its length. If it is too
+                 * long, then it will be shortened later. */
+                if (!isempty(interface)) {
+                        if (!ifname_valid(interface))
+                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                                       "%s, interface name not valid: %s", iftype, interface);
+
                        b = strdup(interface);
+                } else if (ifprefix)
+                        b = strjoin(ifprefix, a);
+                else
+                        b = strdup(a);
                if (!b)
                        return log_oom();

-                if (!ifname_valid(b))
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                               "%s, interface name not valid: %s", iftype, b);
-
                r = strv_consume_pair(l, TAKE_PTR(a), TAKE_PTR(b));
                if (r < 0)
                        return log_oom();
--- a/test/units/testsuite-13.nspawn.sh
+++ b/test/units/testsuite-13.nspawn.sh
@@ -341,7 +341,7 @@ testcase_nspawn_settings() {
    rm -f "/etc/systemd/nspawn/$container.nspawn"
    mkdir -p "$root/tmp" "$root"/opt/{tmp,inaccessible,also-inaccessible}

-    for dev in sd-host-only sd-shared{1,2} sd-macvlan{1,2} sd-ipvlan{1,2}; do
+    for dev in sd-host-only sd-shared{1,2} sd-macvlan{1,2} sd-macvlanloong sd-ipvlan{1,2} sd-ipvlanlooong; do
        ip link add "$dev" type dummy
    done
    udevadm settle
@@ -395,8 +395,8 @@ VirtualEthernet=yes
 VirtualEthernetExtra=my-fancy-veth1
 VirtualEthernetExtra=fancy-veth2:my-fancy-veth2
 Interface=sd-shared1 sd-shared2:sd-shared2
-MACVLAN=sd-macvlan1 sd-macvlan2:my-macvlan2
-IPVLAN=sd-ipvlan1 sd-ipvlan2:my-ipvlan2
+MACVLAN=sd-macvlan1 sd-macvlan2:my-macvlan2 sd-macvlanloong
+IPVLAN=sd-ipvlan1 sd-ipvlan2:my-ipvlan2 sd-ipvlanlooong
 Zone=sd-zone0
 Port=80
 Port=81:8181