From d48a7a17df09248112efccf2a166b75bb7b2021e Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Thu, 28 Aug 2014 15:27:20 -0700 Subject: [PATCH] nixos/network-interfaces: Sanitize sys-subsystem device names Currently, nixos will allow for interface names with special characters such as the hyphen to be used. This presents a problem when using systemd device names as the namespace paths are separated using hyphens. Within systemd, if a device name has a hyphen it should be replaced with the escape sequence \x2d. This patch sanitizes all interface names before they are used in a systemd device string. --- nixos/modules/tasks/network-interfaces.nix | 29 +++++++++++++--------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index ca7a5ab77add..868039177d87 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -1,6 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, utils, ... }: with lib; +with utils; let @@ -10,6 +11,10 @@ let hasSits = cfg.sits != { }; hasBonds = cfg.bonds != { }; + # We must escape interfaces due to the systemd interpretation + subsystemDevice = interface: + "sys-subsystem-net-devices-${escapeSystemdPath interface}.device"; + addrOpts = v: assert v == 4 || v == 6; { @@ -603,8 +608,8 @@ in nameValuePair "${i.name}-cfg" { description = "Configuration of ${i.name}"; wantedBy = [ "network-interfaces.target" ]; - bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ]; - after = [ "sys-subsystem-net-devices-${i.name}.device" ]; + bindsTo = [ (subsystemDevice i.name) ]; + after = [ (subsystemDevice i.name) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute pkgs.gawk ]; @@ -684,7 +689,7 @@ in { description = "Virtual Network Interface ${i.name}"; requires = [ "dev-net-tun.device" ]; after = [ "dev-net-tun.device" ]; - wantedBy = [ "network.target" "sys-subsystem-net-devices-${i.name}.device" ]; + wantedBy = [ "network.target" (subsystemDevice i.name) ]; path = [ pkgs.iproute ]; serviceConfig = { Type = "oneshot"; @@ -702,10 +707,10 @@ in createBridgeDevice = n: v: nameValuePair "${n}-netdev" (let - deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces; + deps = map subsystemDevice v.interfaces; in { description = "Bridge Interface ${n}"; - wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ]; + wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; after = deps; serviceConfig.Type = "oneshot"; @@ -742,10 +747,10 @@ in createBondDevice = n: v: nameValuePair "${n}-netdev" (let - deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces; + deps = map subsystemDevice v.interfaces; in { description = "Bond Interface ${n}"; - wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ]; + wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; after = deps; serviceConfig.Type = "oneshot"; @@ -781,10 +786,10 @@ in createSitDevice = n: v: nameValuePair "${n}-netdev" (let - deps = optional (v.dev != null) "sys-subsystem-net-devices-${v.dev}.device"; + deps = optional (v.dev != null) (subsystemDevice v.dev); in { description = "6-to-4 Tunnel Interface ${n}"; - wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ]; + wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; after = deps; serviceConfig.Type = "oneshot"; @@ -807,10 +812,10 @@ in createVlanDevice = n: v: nameValuePair "${n}-netdev" (let - deps = [ "sys-subsystem-net-devices-${v.interface}.device" ]; + deps = [ (subsystemDevice v.interface) ]; in { description = "Vlan Interface ${n}"; - wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ]; + wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; after = deps; serviceConfig.Type = "oneshot";