diff --git a/config/ifupdown2.conf b/config/ifupdown2.conf index 82c618e..55bfa55 100644 --- a/config/ifupdown2.conf +++ b/config/ifupdown2.conf @@ -10,6 +10,12 @@ template_engine=mako # default template lookup path during template rendering template_lookuppath=/etc/network/ifupdown2/templates +# default network configuration filepath +default_interfaces_configfile=/etc/network/interfaces +# The -i interfacefile option is not allowed by default to +# reduce security issues (due to the pre- and post- commands) +disable_cli_interfacesfile=1 + # Support /etc/network/if-*/ scripts addon_scripts_support=0 diff --git a/docs/source/userguide.rst b/docs/source/userguide.rst index 3e86206..6202bbc 100644 --- a/docs/source/userguide.rst +++ b/docs/source/userguide.rst @@ -66,7 +66,7 @@ Man Pages Configuration Files =================== -* /etc/network/interfaces +* config file defined in ifupdown2.conf (default /etc/network/interfaces) ifupdown Built-in Interfaces diff --git a/ifupdown/networkinterfaces.py b/ifupdown/networkinterfaces.py index 9fe366e..5ef74be 100644 --- a/ifupdown/networkinterfaces.py +++ b/ifupdown/networkinterfaces.py @@ -434,6 +434,10 @@ class networkInterfaces(): Assumes networkinterfaces parser object is initialized with the parser arguments """ + if self.interfacesfile == None: + self.logger.warn('no network interfaces file defined in ifupdown2.conf') + return + if self.interfacesfileformat == 'json': return self.read_file_json(self.interfacesfile, self.interfacesfileiobuf) diff --git a/man.rst/ifquery.8.rst b/man.rst/ifquery.8.rst index 731bf1c..ed808ca 100644 --- a/man.rst/ifquery.8.rst +++ b/man.rst/ifquery.8.rst @@ -33,7 +33,8 @@ DESCRIPTION **ifquery** always works on the current **interfaces(5)** file **/etc/network/interfaces** unless an alternate interfaces file is - provided with the **-i** option. + defined in ifupdown2.conf or provided with the **-i** option. + Note: the -i option is disabled by default in ifupdown2.conf. OPTIONS ======= 
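Review bot: The comment above `disable_cli_interfacesfile=1` does not say which value re-enables `-i`, and the inverted name makes that easy to misread. The init() hunk in sbin/ifupdown compares the setting against the literal string `'1'`, so the accepted values should be spelled out here. Suggested wording: `# Set to 0 to allow -i/--interfaces. Keep at 1 unless every caller is trusted:` followed by `# an interfaces file can carry pre-/post- commands that are run during ifup/ifdown.` It would also help to note that this file should be writable only by root, since it now decides which interfaces file is read.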
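Review bot: The new early return in ifupdown/networkinterfaces.py fires whenever `self.interfacesfile` is None, which appears to include the `-i -` stdin case. The init() hunk in sbin/ifupdown fills `interfacesfileiobuf` from stdin but leaves `interfacesfilename` as None. If ifupdownMain forwards both values unchanged (not visible here), the buffered configuration is dropped with a warning that blames ifupdown2.conf. The guard should bail out only when there is no buffer either: `if self.interfacesfile is None and self.interfacesfileiobuf is None:`. `is None` and `self.logger.warning(...)` are the preferred spellings; the enclosing method starts and ends outside the hunk.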
@@ -67,7 +68,7 @@ OPTIONS -i INTERFACESFILE, --interfaces INTERFACESFILE Use interfaces file instead of default - /etc/network/interfaces + defined in ifupdown2.conf (default /etc/network/interfaces) -t {native,json}, --interfaces-format {native,json} interfaces file format diff --git a/man.rst/ifreload.8.rst b/man.rst/ifreload.8.rst index 4695e5b..0d46083 100644 --- a/man.rst/ifreload.8.rst +++ b/man.rst/ifreload.8.rst @@ -18,7 +18,8 @@ SYNOPSIS DESCRIPTION =========== - reloads network **interfaces(5)** file **/etc/network/interfaces**. + reloads network **interfaces(5)** file **/etc/network/interfaces** + or config file defined in ifupdown2.conf file. Runs **ifdown** on interfaces that were removed from the file and subsequently runs **ifup** on all interfaces. diff --git a/man.rst/ifup.8.rst b/man.rst/ifup.8.rst index 9fdf51c..7ac4541 100644 --- a/man.rst/ifup.8.rst +++ b/man.rst/ifup.8.rst @@ -33,13 +33,13 @@ DESCRIPTION =========== **ifup** and **ifdown** commands can be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the - file **/etc/network/interfaces/** file. + config file ifupdown2.conf (defaults to **/etc/network/interfaces/** file). **ifquery(8)** maybe used in conjunction with **ifup** and **ifdown** commands to query and validate applied/running configuration. - **ifup** always works on the current **interfaces(5)** file under - **/etc/network/interfaces**. **ifdown** works on the last applied interface + **ifup** always works on the current **interfaces(5)** file defined in ifupdown2.conf + (default **/etc/network/interfaces**). **ifdown** works on the last applied interface configuration. **ifup** on an already ifup'ed interface will re-apply the configuration, 
@@ -88,8 +88,11 @@ OPTIONS to be excluded. -i INTERFACESFILE, --interfaces INTERFACESFILE - Use interfaces file instead of default - /etc/network/interfaces + Uses interfaces file instead of default defined in + ifupdown2.conf (default /etc/network/interfaces). + Also in ifupdown2.conf, users are not allowed to specify their own + interfaces file unless disable_cli_interfacesfile is set to 0 + (default is 1). -t {native,json}, --interfaces-format {native,json} interfaces file format diff --git a/man.rst/interfaces.5.rst b/man.rst/interfaces.5.rst index e77e1c9..cbdafa6 100644 --- a/man.rst/interfaces.5.rst +++ b/man.rst/interfaces.5.rst @@ -14,8 +14,9 @@ network interface configuration for ifupdown DESCRIPTION =========== - **/etc/network/interfaces** contains network interface configuration - information for the **ifup(8)**, **ifdown(8)** and **ifquery(8)** commands. + By default, ifupdown2.conf sets **/etc/network/interfaces** as the + network interface configuration file. This file contains information + for the **ifup(8)**, **ifdown(8)** and **ifquery(8)** commands. This is where you configure how your system is connected to the network. @@ -145,7 +146,7 @@ EXAMPLES FILES ===== - /etc/network/interfaces + configuration file defined in ifupdown2.conf (default /etc/network/interfaces) SEE ALSO ======== diff --git a/sbin/ifupdown b/sbin/ifupdown index d6bdeb2..e7469c4 100755 --- a/sbin/ifupdown +++ b/sbin/ifupdown @@ -23,6 +23,7 @@ configfile="/etc/network/ifupdown2/ifupdown2.conf" configmap_g=None logger = None interfacesfileiobuf=None +interfacesfilename=None ENVPATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" def run_up(args): @@ -44,7 +45,7 @@ def run_up(args): cache=cachearg, addons_enable=not args.noaddons, statemanager_enable=not args.noaddons, - interfacesfile=args.interfacesfile, + interfacesfile=interfacesfilename, interfacesfileiobuf=interfacesfileiobuf, interfacesfileformat=args.interfacesfileformat) if args.noaddons: 
@@ -75,7 +76,7 @@ def run_down(args): dryrun=args.noact, addons_enable=not args.noaddons, statemanager_enable=not args.noaddons, - interfacesfile=args.interfacesfile, + interfacesfile=interfacesfilename, interfacesfileiobuf=interfacesfileiobuf, interfacesfileformat=args.interfacesfileformat) @@ -119,7 +120,7 @@ def run_query(args): withdepends=args.withdepends, perfmode=args.perfmode, cache=cachearg, - interfacesfile=args.interfacesfile, + interfacesfile=interfacesfilename, interfacesfileiobuf=interfacesfileiobuf, interfacesfileformat=args.interfacesfileformat) @@ -136,6 +137,7 @@ def run_reload(args): try: logger.debug('creating ifupdown object ..') ifupdown_handle = ifupdownMain(config=configmap_g, + interfacesfile=interfacesfilename, withdepends=args.withdepends, perfmode=args.perfmode) ifupdown_handle.reload(['pre-up', 'up', 'post-up'], @@ -150,6 +152,7 @@ def run_reload(args): def init(args): global logger global interfacesfileiobuf + global interfacesfilename log_level = logging.WARNING if args.verbose: @@ -182,9 +185,24 @@ def init(args): except: raise - # If interfaces file is stdin, read - if hasattr(args, 'interfacesfile') and args.interfacesfile == '-': - interfacesfileiobuf = sys.stdin.read() + if hasattr(args, 'interfacesfile') and args.interfacesfile != None: + # Check to see if -i option is allowed by config file + if configmap_g.get('disable_cli_interfacesfile','1') == '1': + logger.error('disable_cli_interfacesfile is set so users ' + 'not allowed to specify interfaces file on cli.') + exit(1) + if args.interfacesfile == '-': + # If interfaces file is stdin, read + interfacesfileiobuf = sys.stdin.read() + else: + interfacesfilename = args.interfacesfile + else: + # if the ifupdown2 config file does not have it, default to standard + interfacesfilename = configmap_g.get('default_interfaces_configfile', + '/etc/network/interfaces') + + + def deinit(): {} 
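Review bot: The `-i` gate in init() fails open, because `configmap_g.get('disable_cli_interfacesfile','1') == '1'` rejects the option only for the exact string `'1'`. A value such as `yes`, `true`, or `1` with stray whitespace (depending on how the config parser trims values, which is not visible here) would silently allow a caller-supplied interfaces file. Since the setting exists to restrict whose pre-/post- commands are run, allow the option only on an explicit opt-out: `if configmap_g.get('disable_cli_interfacesfile', '1').strip() != '0':`. `sys.exit(1)` is more robust than the site-provided `exit(1)`, and `is not None` is the idiomatic test. init() begins outside the hunk.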
@@ -222,9 +240,9 @@ def update_argparser(argparser): help='Exclude interfaces from the list of interfaces' + ' to operate on. Can be specified multiple times.') argparser.add_argument('-i', '--interfaces', dest='interfacesfile', - default='/etc/network/interfaces', - help='use interfaces file instead of default ' + - '/etc/network/interfaces') + default=None, + help='Specify interfaces file instead of file defined ' + + 'in ifupdown2.conf file') argparser.add_argument('-t', '--interfaces-format', dest='interfacesfileformat', default='native',
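Review bot: The new help string for `-i` does not mention that the option is rejected unless ifupdown2.conf sets `disable_cli_interfacesfile=0`, so a user first learns of the restriction from the error and exit in init(). Suggest `help='Specify interfaces file instead of file defined in ifupdown2.conf file (rejected unless disable_cli_interfacesfile=0)'`. update_argparser starts and ends outside the hunk.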