interface: add config setting to restrict inheritance to template interfaces

dist/ifupdown-ng.conf.example

@@ -8,3 +8,10 @@
 # compatibility with legacy setups, and may be disabled for performance
 # improvements in setups where only ifupdown-ng executors are used.
 allow_addon_scripts = 1
+
+# allow_any_iface_as_template:
+# Enable any interface to act as a template for another interface.
+# This is presently the default, but is deprecated.  An admin may choose
+# to disable this setting in order to require inheritance from specified
+# templates.
+allow_any_iface_as_template = 1

libifupdown/config-file.c

@@ -20,6 +20,7 @@
 
 struct lif_config_file lif_config = {
 	.allow_addon_scripts = true,
+	.allow_any_iface_as_template = true,
 };
 
 static bool
@@ -43,6 +44,7 @@ set_bool_value(const char *key, const char *value, void *opaque)
 
 static struct lif_config_handler handlers[] = {
 	{"allow_addon_scripts", set_bool_value, &lif_config.allow_addon_scripts},
+	{"allow_any_iface_as_template", set_bool_value, &lif_config.allow_any_iface_as_template},
 };
 
 bool

libifupdown/config-file.h

@@ -20,6 +20,7 @@
 
 struct lif_config_file {
 	bool allow_addon_scripts;
+	bool allow_any_iface_as_template;
 };
 
 extern struct lif_config_file lif_config;

libifupdown/interface.c

@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "libifupdown/interface.h"
+#include "libifupdown/config-file.h"
 
 bool
 lif_address_parse(struct lif_address *address, const char *presentation)
@@ -239,6 +240,9 @@ lif_interface_collection_inherit(struct lif_interface *interface, struct lif_dic
 	if (parent == NULL)
 		return false;
 
+	if (!lif_config.allow_any_iface_as_template && !parent->is_template)
+		return false;
+
 	lif_dict_add(&interface->vars, "inherit", strdup(ifname));
 	interface->is_bond = parent->is_bond;
 	interface->is_bridge = parent->is_bridge;