On Sat, Jan 12, 2013 at 02:11:43AM +0000, Steven J. Long wrote:
> Christopher Head wrote:
> > William Hubbs <williamh@g.o> wrote:
> >
> > > There is a way for users to opt out if we default this to on, but I
> > > think the new naming scheme has advantages over the traditional eth*
> > > wlan* etc names.
> >
> > I think it should be taken with a grain of salt. The page mentions how
> > it lets you replace a failed NIC without losing its name. But given a
> > simple computer with just one NIC, if the NIC fails and is replaced
> > (perhaps by a different type of NIC in a different slot, or perhaps an
> > onboard NIC disabled in the BIOS and replaced by an add-in), the name
> > could change, while the kernel’s automatically assigned name will not:
> > eth0 (this also applies to a computer with one Ethernet NIC and one
> > wifi NIC: eth0 and wlan0). That fact was never mentioned on the wiki
> > page, even though it applies to a heck of a lot of systems. Perhaps
> > something to include when the Gentoo docs are put together, as part of
> > the balance of reasons to choose one way or the other?
> >
> That's a very good point. For the vast majority of users all these
> "desktop" changes are supposed to help, it's not at all relevant.
> Obviously it's good to have the functionality should you need it, but
> again it appears that simple cases are being made complex, just to allow
> for someone else's complex cases. Which is faulty logic.
>
> While many packages have default configurations, changing the default
> setup for base system packages in the absence of any configuration is
> not generally a good idea, unless you know for a fact it's not going to
> mess anything up (which is a big ask given that you're distributing
> source.)
>
> Especially given the arguments presented as a motivation, that all this
> has "serious security implications, for example in firewall rules which
> are coded for certain naming schemes, and which are hence very sensitive
> to unpredictable changing names."

Isn't this the very definition of the kernel-based names? If you do not
have a persistent net rules file, you are subject to the kernel's naming
order, and I have heard of situations in the past when people upgrade
their kernels, etc, and when they reboot their interface names are
changed around.

> If you're certain that every user with a current simple setup, who
> uses the kernel default names, and has such a firewall setup isn't
> going to suddenly find their interface name changed when they reboot,
> fair play to you. If not, allow the admin to opt-in, rather than force
> them to opt-out when something breaks.

The following is taken from the wiki:

"
I don't like this, how do I disable this?

You basically have three options:

1. You disable the assignment of fixed names, so that the unpredictable
kernel names are used again. For this, simply mask udev's rule file for
the default policy:
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

2. You create your own manual naming scheme, for example by naming your
interfaces "internet0", "dmz0" or "lan0". For that create your own udev
rules file and set the NAME property for the devices. Make sure to
order it before the default policy file, for example by naming it
/etc/udev/rules.d/70-my-net-names.rules

3. You alter the default policy file, for picking a different naming
scheme, for example for naming all interface names after their MAC
address by default:

cp /usr/lib/udev/rules.d/80-net-name-slot.rules /etc/udev/rules.d/80-net-name-slot.rules,

then edit the file there and change the lines as necessary.
"

If you have upgraded your udev, you see that you have the file
/etc/udev/rules.d/80-net-name-slot.rules. This file is only created
*once*, when you upgrade from a version of udev lower than 197. This
means when this version of udev goes stable, new installs will not
have this file created.

If you have a file that fits the requirements of option 2 (which
70-persistent-net.rules does) in your
/etc/udev/rules.d, you can rm 80-net-name-slot.rules and you will not be
affected.

If you do not have a file in /etc/udev/rules.d that fits the
requirements of option 2 and you remove 80-net-name-slot.rules, your
interface names will change on your next reboot, so you should be
prepared for that. The created version of
/etc/udev/rules.d/80-net-name-slot.rules has comments explaining how to
get the new names of your network interfaces before the reboot so you
can reconfigure.

William
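
Added example, not part of the original message and not udev's own code: a shell check for the situation described above, reporting whether a rules directory holds a file that meets option 2 (it sorts before 80-net-name-slot.rules and assigns NAME on a net rule) before that file is removed. The function names and the grep heuristic are assumptions of this example, and it assumes each rule sits on a single line.

```shell
#!/bin/sh
# Added example (not from the original message): pre-reboot check for an
# "option 2" rules file. Function names and the grep heuristic are assumptions.
POLICY=80-net-name-slot.rules

# Print each rules file in directory $1 that sorts before the default policy
# file and assigns NAME on a net rule (NAME="x" assigns, NAME=="x" only matches).
custom_net_name_rules() {
    dir=$1
    for f in "$dir"/*.rules; do
        # Skip an unexpanded glob, a mask (symlink to /dev/null) and empty files.
        [ -f "$f" ] && [ -s "$f" ] || continue
        base=${f##*/}
        [ "$base" = "$POLICY" ] && continue
        # Keep only names ordered before the policy file (byte order).
        printf '%s\n%s\n' "$base" "$POLICY" | LC_ALL=C sort -c 2>/dev/null || continue
        grep -v '^[[:space:]]*#' "$f" |
            grep 'SUBSYSTEM=="net"' |
            grep -Eq '(^|[[:space:],])NAME:?="' && printf '%s\n' "$f"
    done
    return 0
}

# Succeeds when such a file exists: the case in which removing the policy
# file leaves the configured names in place.
safe_to_remove_policy() {
    [ -n "$(custom_net_name_rules "$1")" ]
}

# Report on the live directory, or on the directory given as first argument.
RULES_DIR=${1:-/etc/udev/rules.d}
if safe_to_remove_policy "$RULES_DIR"; then
    echo "NAME rules ordered before $POLICY:"
    custom_net_name_rules "$RULES_DIR"
else
    echo "No custom NAME rules before $POLICY in $RULES_DIR:"
    echo "interface names will change on the next reboot if it is removed."
    echo "Check firewall rules that match on interface names first."
fi
```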