mirror of
https://github.com/CumulusNetworks/ifupdown2.git
synced 2024-05-06 15:54:50 +00:00
Sam Tannous
1e6d7bd76c
add param in ifupdown2.conf to prevent ifupdown2 users from specifying interface config file on the CLI
Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing

This patch does two things:

1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2. This should allow administrators to specify a config file location different from the default and allow subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.

2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users from specifying their own interfaces file. This defaults to "1" (even if it is not configured). Note: this new default takes away users' ability to specify an interfaces file.

This should close the vulnerability where users could specify their own interfaces file and add arbitrary user commands.

This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery commands already require root access to run and the interfaces config file also requires root access to modify.
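The gate this commit message describes, sketched as an added example (not the ifupdown2 source): the interfaces file comes from ifupdown2.conf, and a path given with -i is honoured only when disable_cli_interfacesfile is explicitly 0. The key name default_interfaces_configfile, the sample configs and the choice to treat any value other than 0 as disabled are assumptions of this sketch.

```python
import configparser

# Path the README names as the file ifupdown2 parses.
FALLBACK_INTERFACES_FILE = "/etc/network/interfaces"

# Constructed sample configs (not taken from the project).
CONF_UNSET = "# lab override\ndefault_interfaces_configfile=/etc/network/interfaces.lab\n"
CONF_ALLOW = "disable_cli_interfacesfile=0\n"


def load_conf(text):
    """Parse bare key=value lines; a section header is prepended for configparser."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[ifupdown2]\n" + text)
    return dict(parser["ifupdown2"])


def cli_file_allowed(conf):
    """Missing key means "1" (disabled), as the commit message states.
    Assumption of this sketch: any value other than "0" also means disabled."""
    return conf.get("disable_cli_interfacesfile", "1").strip() == "0"


def resolve_interfaces_file(conf_text, cli_file=None):
    """Return the interfaces file to load; raise if -i is given but disabled."""
    conf = load_conf(conf_text)
    if cli_file is not None:
        if not cli_file_allowed(conf):
            raise PermissionError("-i is disabled by disable_cli_interfacesfile")
        return cli_file
    # Key name below is hypothetical; the page does not give it.
    return conf.get("default_interfaces_configfile", FALLBACK_INTERFACES_FILE)


if __name__ == "__main__":
    print(resolve_interfaces_file(CONF_UNSET))               # admin-chosen file
    print(resolve_interfaces_file(CONF_ALLOW, "/tmp/mine"))  # explicitly allowed
    try:
        resolve_interfaces_file(CONF_UNSET, "/tmp/mine")
    except PermissionError as exc:
        print("rejected:", exc)
```

Failing closed on a missing or unrecognised value keeps a typo in ifupdown2.conf from silently re-enabling user-supplied interfaces files.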
python-ifupdown2
================

This package is a replacement for the Debian ifupdown package.
It is ifupdown re-written in python. It maintains the original ifupdown
pluggable architecture and extends it further.

The python-ifupdown2 package provides the infrastructure for
parsing the /etc/network/interfaces file, and for loading, scheduling and
state management of interfaces.

It dynamically loads python modules from /usr/share/ifupdownmodules (provided
by the python-ifupdown2-addons package). To remain compatible with other
packages that depend on ifupdown, it also executes scripts under /etc/network/.
To make the transition smoother, a python module under
/usr/share/ifupdownmodules will override a script by the same name under
/etc/network/.

It publishes an interface object which is passed to all loadable python
modules. For more details on adding an addon module, see the section on adding
python modules.


pluggable python modules:
=========================
Unlike original ifupdown, all interface configuration is moved to external
python modules. That includes inet, inet6 and dhcp configurations.
A set of default modules is provided by the python-ifupdown2-addons deb.

python-ifupdown2 expects a few things from the pluggable modules:
- the module should implement a class by the same name
- the interface object (class iface) and the operation to be performed are
  passed to the modules
- the python addon class should provide a few methods:
    - run() : method to configure the interface.
    - get_ops() : must return a list of operations it supports.
      eg: 'pre-up', 'post-down'
    - get_dependent_ifacenames() : must return a list of interfaces the
      interface is dependent on. This is used to build the dependency list
      for sorting and executing interfaces in dependency order.
    - if the module supports the -r option to ifquery, ie the ability to
      construct the ifaceobj from running state, it can optionally implement
      the get_dependent_ifacenames_running() method, to return the list of
      dependent interfaces derived from the running state of the interface.
      This is different from get_dependent_ifacenames(), where the dependent
      interfaces are derived from the interfaces config file (provided by the
      user).

Example: Address handling module /usr/share/ifupdownaddons/address.py


build
=====
- get source

- install build dependencies:
    apt-get install python-stdeb
    apt-get install python-docutils

- cd <python-ifupdown2 sourcedir> && ./build.sh

  (generates python-ifupdown2-<ver>.deb)

install
=======

- remove existing ifupdown package
    dpkg -r ifupdown

- install python-ifupdown2 using `dpkg -i`

- or install from deb
    dpkg -i python-ifupdown2-<ver>.deb

- note that python-ifupdown2 requires the python-ifupdown2-addons package to
  function. And the python-ifupdown2-addons deb has an install dependency on
  python-ifupdown2