From 658169e6d307b5b1aea0d82b4a6430fa9d529c68 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 10 Jan 2024 16:18:41 +0100
Subject: [PATCH] network: take explicit ownership of our own interfaces
This is a follow-up for #30786 and uses it to assign ID_NET_MANAGED_BY=io.systemd.Network to all all network interfaces that we consider ours to manage. This should hopefully have the effect that other well-behaving managers won't fight for these devices. This doesn't bother with network interfaces we match inside containers, since udev is not available there anyway.
---
network/80-6rd-tunnel.link | 24 ++++++++++++++++++++++++
network/80-6rd-tunnel.network | 4 ++--
network/80-container-vb.link | 24 ++++++++++++++++++++++++
network/80-container-vb.network | 8 ++++----
network/80-container-ve.link | 24 ++++++++++++++++++++++++
network/80-container-ve.network | 4 ++--
network/80-container-vz.link | 23 +++++++++++++++++++++++
network/80-vm-vt.link | 23 +++++++++++++++++++++++
network/meson.build | 5 +++++
9 files changed, 131 insertions(+), 8 deletions(-)
create mode 100644 network/80-6rd-tunnel.link
create mode 100644 network/80-container-vb.link
create mode 100644 network/80-container-ve.link
create mode 100644 network/80-container-vz.link
create mode 100644 network/80-vm-vt.link
diff --git a/network/80-6rd-tunnel.link b/network/80-6rd-tunnel.link
new file mode 100644
index 00000000000..eaaeb15ab2d
--- /dev/null
+++ b/network/80-6rd-tunnel.link
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/80-6rd-tunnel.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This .link file matches 6rd-* SIT devices and marks them as managed by
+# systemd-networkd.
+
+[Match]
+Kind=sit
+Name=6rd-*
+
+[Network]
+NamePolicy=keep
+MACAddressPolicy=persistent
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/80-6rd-tunnel.network b/network/80-6rd-tunnel.network
index 5374ec5b073..96bf526f765 100644
--- a/network/80-6rd-tunnel.network
+++ b/network/80-6rd-tunnel.network
@@ -7,11 +7,11 @@
 # 1. add a drop-in file that extends this file by creating the
 # /etc/systemd/network/80-6rd-tunnel.network.d/ directory and creating a
 # new .conf file there.
-# 2. copy this file into /etc/systemd/network or one of the other paths checked
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
 # by systemd-networkd and edit it there.
 # This file should not be edited in place, because it'll be overwritten on upgrades.
 
-# This network file matches 6rd-* SIT devices which is automatically created by
+# This .network file matches 6rd-* SIT devices which is automatically created by
 # systemd-networkd when DHCPv4 6RD option is received.
 
 [Match]
diff --git a/network/80-container-vb.link b/network/80-container-vb.link
new file mode 100644
index 00000000000..9e934b8cfdb
--- /dev/null
+++ b/network/80-container-vb.link
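Review bot: In network/80-6rd-tunnel.link the settings sit under `[Network]`, but a .link file takes them in a `[Link]` section, which is what the other four new .link files in this patch use. With the section as written, `NamePolicy=`, `MACAddressPolicy=` and `Property=ID_NET_MANAGED_BY=io.systemd.Network` would presumably be ignored by udev, so 6rd-* devices would never be marked as owned. The section header should read `[Link]`. This is also the only one of the five files that sets `MACAddressPolicy=persistent`; if that is deliberate for SIT devices, a one-line comment saying why would help.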
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/80-container-vb.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This .link file matches the host-side of the virtual Ethernet link created
+# by systemd-nspawn's --network-veth switch with --network-bridge= or
+# --network-zone= switch. See systemd-nspawn(1) for details.
+
+[Match]
+Kind=veth
+Name=vb-*
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/80-container-vb.network b/network/80-container-vb.network
index 806f834e188..6d5ea417956 100644
--- a/network/80-container-vb.network
+++ b/network/80-container-vb.network
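Review bot: The header comment of network/80-container-vb.link does not say that this file now becomes the one .link file applied to `vb-*` devices: udev applies only the first matching .link file in lexical order, so a later-sorting default or administrator-supplied .link file no longer takes effect for these interfaces. The same holds for the ve-*, vz-*, vt-* and 6rd-* files added in this patch. I would add a line such as `# Only the first matching .link file is applied; settings from later-sorting .link files no longer apply to these devices.` and state, as the 6rd and vt files already do, that the file marks the device as managed by systemd-networkd. Since `[Link]` here sets only `NamePolicy=keep`, it is worth confirming that losing any other link defaults for these interfaces is intended.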
@@ -7,13 +7,13 @@
 # 1. add a drop-in file that extends this file by creating the
 # /etc/systemd/network/80-container-vb.network.d/ directory and creating a
 # new .conf file there.
-# 2. copy this file into /etc/systemd/network or one of the other paths checked
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
 # by systemd-networkd and edit it there.
 # This file should not be edited in place, because it'll be overwritten on upgrades.
 
-# This network file matches the host-side of the virtual Ethernet link
-# created by systemd-nspawn's --network-veth switch with --network-bridge or
-# --network-zone switch. See systemd-nspawn(1) for details.
+# This .network file matches the host-side of the virtual Ethernet link created
+# by systemd-nspawn's --network-veth switch with --network-bridge= or
+# --network-zone= switch. See systemd-nspawn(1) for details.
 
 [Match]
 Kind=veth
diff --git a/network/80-container-ve.link b/network/80-container-ve.link
new file mode 100644
index 00000000000..8e17cb7a050
--- /dev/null
+++ b/network/80-container-ve.link
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/80-container-ve.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This .link file matches the host-side of the virtual Ethernet link
+# created by systemd-nspawn's --network-veth switch. See systemd-nspawn(1) for
+# details.
+
+[Match]
+Kind=veth
+Name=ve-*
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/80-container-ve.network b/network/80-container-ve.network
index 076213adc66..21a5eacc4e4 100644
--- a/network/80-container-ve.network
+++ b/network/80-container-ve.network
@@ -7,11 +7,11 @@
 # 1. add a drop-in file that extends this file by creating the
 # /etc/systemd/network/80-container-ve.network.d/ directory and creating a
 # new .conf file there.
-# 2. copy this file into /etc/systemd/network or one of the other paths checked
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
 # by systemd-networkd and edit it there.
 # This file should not be edited in place, because it'll be overwritten on upgrades.
 
-# This network file matches the host-side of the virtual Ethernet link
+# This .network file matches the host-side of the virtual Ethernet link
 # created by systemd-nspawn's --network-veth switch. See systemd-nspawn(1) for
 # details.
 
diff --git a/network/80-container-vz.link b/network/80-container-vz.link
new file mode 100644
index 00000000000..320f0d31b04
--- /dev/null
+++ b/network/80-container-vz.link
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/80-container-vz.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This .link file matches the bridge interface created by systemd-nspawn's
+# --network-zone= switch. See systemd-nspawn(1) for details.
+
+[Match]
+Kind=bridge
+Name=vz-*
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/80-vm-vt.link b/network/80-vm-vt.link
new file mode 100644
index 00000000000..83bb80e2b0a
--- /dev/null
+++ b/network/80-vm-vt.link
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: MIT-0
+#
+# This config file is installed as part of systemd.
+# It may be freely copied and edited (following the MIT No Attribution license).
+#
+# To make local modifications, one of the following methods may be used:
+# 1. add a drop-in file that extends this file by creating the
+# /etc/systemd/network/80-vm-vt.link.d/ directory and creating a
+# new .conf file there.
+# 2. copy this file into /etc/systemd/network/ or one of the other paths checked
+# by systemd-udevd and edit it there.
+# This file should not be edited in place, because it'll be overwritten on upgrades.
+
+# This .link file matches vt-* TUN/TAP devices on the host and marks them as
+# managed by systemd-networkd.
+
+[Match]
+Kind=tun
+Name=vt-*
+
+[Link]
+NamePolicy=keep
+Property=ID_NET_MANAGED_BY=io.systemd.Network
diff --git a/network/meson.build b/network/meson.build
index 2a472f4f516..9df0bea7609 100644
--- a/network/meson.build
+++ b/network/meson.build
@@ -3,11 +3,16 @@
 if conf.get('ENABLE_NETWORKD') == 1
 install_data(
 '80-6rd-tunnel.network',
+ '80-6rd-tunnel.link',
 '80-container-host0.network',
 '80-container-vb.network',
+ '80-container-vb.link',
 '80-container-ve.network',
+ '80-container-ve.link',
 '80-container-vz.network',
+ '80-container-vz.link',
 '80-vm-vt.network',
+ '80-vm-vt.link',
 '80-wifi-adhoc.network',
 install_dir : networkdir)