Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing
This patch does two things:
1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2.
This should allow administrators to specify a config file location different from the default and allow
subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.
2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users
from specifying their own interfaces file. This defaults to "1" (even if it is not configured).
Note: this new default takes away users ability to specify an interfaces file.
This should close the vulnerability where users could specify their own interfaces file
and add arbitrary user commands.
This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery
commands already require root access to run and the interfaces config file also requires root access to modify.
Ticket: CM-6587
Reviewed By: roopa
Testing Done: checked man paged
If we do an ifdown on all ports and try to exclude a bond or bridge port.
But we also have an iface defined for swp1 or swp4
(even if these are empty).
The lower interfaces will not be excluded. So if we
do an "ifdown -a -X bridge", swp ports in the bridge or bond
will go down effectively bringing a bond or bridge down.
This patch simply adds some documentation to the man pages.
ifupdown2 never follows dependents if the user has given an
interface list (unless explicitly requested with --with-depends
option which is available with some options).
example fixes
Ticket: CM-2911
Reviewed By: CCR-1637
Testing Done: tested ifupdown2 sanity and bash completion
The python argcomplete module that i use for ifupdown2 has a limitation
that it does not work with sudo when used in the global mode. But there is
a workaround for it online (long story short...instead of enabling the global
argparse complete ...the author recommends registering argparse complete bash
completion individually for your script). This patch does just that.
This patch also moves the udev overrides to their respective packages.
Two of them are owned by ifupdown2.
Conflicts:
rootconf/default/home/cumulus/sysroot-complete
