| 1 |
On Sat, Jan 12, 2013 at 02:11:43AM +0000, Steven J. Long wrote: |
| 2 |
> Christopher Head wrote: |
| 3 |
> > William Hubbs <williamh@g.o> wrote: |
| 4 |
> > |
| 5 |
> > > There is a way for users to opt out if we default this to on, but I |
| 6 |
> > > think the new naming scheme has advantages over the traditional eth* |
| 7 |
> > > wlan* etc names. |
| 8 |
> > |
| 9 |
> > I think it should be taken with a grain of salt. The page mentions how |
| 10 |
> > it lets you replace a failed NIC without losing its name. But given a |
| 11 |
> > simple computer with just one NIC, if the NIC fails and is replaced |
| 12 |
> > (perhaps by a different type of NIC in a different slot, or perhaps an |
| 13 |
> > onboard NIC disabled in the BIOS and replaced by an add-in), the name |
| 14 |
> > could change, while the kernel’s automatically assigned name will not: |
| 15 |
> > eth0 (this also applies to a computer with one Ethernet NIC and one |
| 16 |
> > wifi NIC: eth0 and wlan0). That fact was never mentioned on the wiki |
| 17 |
> > page, even though it applies to a heck of a lot of systems. Perhaps |
| 18 |
> > something to include when the Gentoo docs are put together, as part of |
| 19 |
> > the balance of reasons to choose one way or the other? |
| 20 |
> > |
| 21 |
> That's a very good point. For the vast majority of users all these |
| 22 |
> "desktop" changes are supposed to help, it's not at all relevant. |
| 23 |
> Obviously it's good to have the functionality should you need it, but |
| 24 |
> again it appears that simple cases are being made complex, just to allow |
| 25 |
> for someone else's complex cases. Which is faulty logic. |
| 26 |
> |
| 27 |
> While many packages have default configurations, changing the default |
| 28 |
> setup for base system packages in the absence of any configuration is |
| 29 |
> not generally a good idea, unless you know for a fact it's not going to |
| 30 |
> mess anything up (which is a big ask given that you're distributing |
| 31 |
> source.) |
| 32 |
> |
| 33 |
> Especially given the arguments presented as a motivation, that all this |
| 34 |
> has "serious security implications, for example in firewall rules which |
| 35 |
> are coded for certain naming schemes, and which are hence very sensitive |
| 36 |
> to unpredictable changing names." |
| 37 |
|
| 38 |
Isn't this the very definition of the kernel-based names? if you do not |
| 39 |
have a persistent net rules file, you are subject to the kernel's naming |
| 40 |
order, and I have heard of situations in the past when people upgrade |
| 41 |
their kernels, etc, and when they reboot their interface names are |
| 42 |
changed around. |
| 43 |
|
| 44 |
> If you're certain that every user with a current simple setup, who |
| 45 |
> uses the kernel default names, and has such a firewall setup isn't |
| 46 |
> going to suddenly find their interface name changed when they reboot, |
| 47 |
> fair play to you. If not, allow the admin to opt-in, rather than force |
| 48 |
> them to opt-out when something breaks. |
| 49 |
|
| 50 |
The following is taken from the wiki: |
| 51 |
|
| 52 |
" |
| 53 |
I don't like this, how do I disable this? |
| 54 |
|
| 55 |
You basically have three options: |
| 56 |
|
| 57 |
1. You disable the assignment of fixed names, so that the unpredictable |
| 58 |
kernel names are used again. For this, simply mask udev's rule file for |
| 59 |
the default policy: |
| 60 |
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules |
| 61 |
|
| 62 |
2. You create your own manual naming scheme, for example by naming your |
| 63 |
interfaces "internet0", "dmz0" or "lan0". For that create your own udev |
| 64 |
rules file and set the NAME property for the devices. Make sure to |
| 65 |
order it before the default policy file, for example by naming it |
| 66 |
/etc/udev/rules.d/70-my-net-names.rules |
| 67 |
|
| 68 |
3. You alter the default policy file, for picking a different naming |
| 69 |
scheme, for example for naming all interface names after their MAC |
| 70 |
address by default: |
| 71 |
|
| 72 |
cp /usr/lib/udev/rules.d/80-net-name-slot.rules /etc/udev/rules.d/80-net-name-slot.rules, |
| 73 |
|
| 74 |
then edit the file there and change the lines as necessary. |
| 75 |
" |
| 76 |
|
| 77 |
If you have upgraded your udev, you see that you have the file |
| 78 |
/etc/udev/rules.d/80-net-name-slot.rules. This file is only created |
| 79 |
*once*, when you upgrade from a version of udev lower than 197. This |
| 80 |
means when this version of udev goes stable, new installs will not |
| 81 |
have this file created. |
| 82 |
|
| 83 |
If you have a file that fits the requirements of option 2 (which |
| 84 |
70-persistent-net.rules does) in your |
| 85 |
/etc/udev/rules.d, you can rm 80-net-name-slot.rules and you will not be |
| 86 |
affected. |
| 87 |
|
| 88 |
If you do not have a file in /etc/udev/rules.d that fits the |
| 89 |
requirements of option 2 and you remove 80-net-name-slot.rules, your |
| 90 |
interface names will change on your next reboot, so you should be |
| 91 |
prepared for that. The created version of |
| 92 |
/etc/udev/rules.d/80-net-name-slot.rules has comments explaining how to |
| 93 |
get the new names of your network interfaces before the reboot so you |
| 94 |
can reconfigure. |
| 95 |
|
| 96 |
William |
Archives