CA-323523: Restrict the interface of the Dhclient module

robhoes · robhoes · commit af0b2bbecb86 · 2019-07-16T14:47:10.000+01:00
Signed-off-by: Rob Hoes &lt;rob.hoes@citrix.com&gt;
diff --git a/lib/network_utils.ml b/lib/network_utils.ml
@@ -722,7 +722,17 @@ module Linux_bonding = struct
       error "Bond %s does not exist; cannot set properties" master
 end
 
-module Dhclient = struct
+module Dhclient :
+sig
+  type interface = string
+  val remove_conf_file : ?ipv6:bool -> interface -> unit
+  val is_running : ?ipv6:bool -> interface -> bool
+  val stop : ?ipv6:bool -> interface -> unit
+  val ensure_running : ?ipv6:bool -> interface -> [> `dns of string | `gateway of string ] list -> unit
+end =
+struct
+  type interface = string
+
   let pid_file ?(ipv6=false) interface =
     let ipv6' = if ipv6 then "6" else "" in
     Printf.sprintf "/var/run/dhclient%s-%s.pid" ipv6' interface
diff --git a/networkd/network_server.ml b/networkd/network_server.ml
@@ -327,7 +327,7 @@ module Interface = struct
           Sysctl.set_ipv6_autoconf name false;
           Ip.flush_ip_addr ~ipv6:true name;
           Ip.set_ipv6_link_local_addr name;
-          ignore (Dhclient.start ~ipv6:true name [])
+          ignore (Dhclient.ensure_running ~ipv6:true name [])
         | Autoconf6 ->
           if Dhclient.is_running ~ipv6:true name then
             ignore (Dhclient.stop ~ipv6:true name);
