platform: give the platform an opportunity to override default-unmanaged

Some out of tree drivers add Ethernet devices that are supposed to be managed
by other their tooling, e.g. VirtualBox or VMWare.

Rather than hardcoding their drivers (at least VirtualBox doesn't even set a
"driver" property in sysfs) or hardcoding a logic that identifies such devices
let's just add a possibility to blacklist them in udev. This makes it possible
for whoever who ships such a driver to ship rules that prevent NetworkManager
from managing the device itself.

Furthermore it makes it possible for the user with special needs leverage the
flexibility of udev rules to override the defaults. In the end the user can
decide to let NetworkManager manage default-unmanaged interfaces such as VEth
or turn on default-unmanaged for devices on a particular bus.

An udev rule for VirtualBox would look like this:

  SUBSYSTEM=="net", ENV{INTERFACE}=="vboxnet[0-9]*", ENV{NM_UNMANAGED}="1"

(cherry picked from commit 85ee1f4a9c04cad8f2486f858efd5ca10cb09077)

6 files changed, 75 insertions, 1 deletions

diff --git a/man/NetworkManager.xml b/man/NetworkManager.xml
index 26f84e5e21..59ea522168 100644
--- a/man/NetworkManager.xml
+++ b/man/NetworkManager.xml
@@ -346,6 +346,33 @@
   </refsect1>
 
   <refsect1>
+    <title>UDEV PROPERTIES</title>
+
+    <para>
+      <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+      device manager is used for the network device discovery. The following
+      property influences how NetworkManager manages the devices:
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><varname>NM_UNMANAGED</varname></term>
+	<listitem><para>
+	  No default connection will be created and automatic activation
+	  will not be attempted when this property of a device is set to a
+	  true value ("1" or "true"). You will still be able to attach a
+	  connection to the device manually or observe externally added
+	  configuration such as addresses or routes.
+	</para><para>
+	  Create an udev rule that sets this property to prevent NetworkManager
+	  from interfering with virtual Ethernet device interfaces that are
+	  managed by virtualization tools.
+	</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
     <title>DEBUGGING</title>
     <para>
       The following environment variables are supported to help
@@ -373,6 +400,7 @@
       <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>nm-applet</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>nm-connection-editor</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum></citerefentry>
     </para>
   </refsect1>
 </refentry>
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 3356bef51c..2ce79e35c0 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -1797,7 +1797,7 @@ add_device (NMManager *self, NMDevice *device, gboolean try_assume)
 	NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
 	const char *iface, *driver, *type_desc;
 	const GSList *unmanaged_specs;
-	gboolean user_unmanaged, sleeping;
+	gboolean user_unmanaged, sleeping, platform_unmanaged;
 	gboolean enabled = FALSE;
 	RfKillType rtype;
 	GSList *iter, *remove = NULL;
@@ -1877,6 +1877,9 @@ add_device (NMManager *self, NMDevice *device, gboolean try_assume)
 	user_unmanaged = nm_device_spec_match_list (device, unmanaged_specs);
 	nm_device_set_initial_unmanaged_flag (device, NM_UNMANAGED_USER, user_unmanaged);
 
+	if (nm_platform_link_get_unmanaged (nm_device_get_ifindex (device), &platform_unmanaged))
+		nm_device_set_initial_unmanaged_flag (device, NM_UNMANAGED_DEFAULT, platform_unmanaged);
+
 	sleeping = manager_sleeping (self);
 	nm_device_set_initial_unmanaged_flag (device, NM_UNMANAGED_INTERNAL, sleeping);
 
diff --git a/src/platform/nm-fake-platform.c b/src/platform/nm-fake-platform.c
index be59f964a6..70d7ace9cc 100644
--- a/src/platform/nm-fake-platform.c
+++ b/src/platform/nm-fake-platform.c
@@ -299,6 +299,12 @@ link_get_type_name (NMPlatform *platform, int ifindex)
 	return type_to_type_name (link_get_type (platform, ifindex));
 }
 
+static gboolean
+link_get_unmanaged (NMPlatform *platform, int ifindex, gboolean *managed)
+{
+	return FALSE;
+}
+
 static void
 link_changed (NMPlatform *platform, NMFakePlatformLink *device)
 {
@@ -1329,6 +1335,7 @@ nm_fake_platform_class_init (NMFakePlatformClass *klass)
 	platform_class->link_get_name = link_get_name;
 	platform_class->link_get_type = link_get_type;
 	platform_class->link_get_type_name = link_get_type_name;
+	platform_class->link_get_unmanaged = link_get_unmanaged;
 
 	platform_class->link_set_up = link_set_up;
 	platform_class->link_set_down = link_set_down;
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index ecde99e6c2..1e5673011b 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -2370,6 +2370,20 @@ link_get_type_name (NMPlatform *platform, int ifindex)
 	return type;
 }
 
+static gboolean
+link_get_unmanaged (NMPlatform *platform, int ifindex, gboolean *managed)
+{
+	NMLinuxPlatformPrivate *priv = NM_LINUX_PLATFORM_GET_PRIVATE (platform);
+	GUdevDevice *udev_device = g_hash_table_lookup (priv->udev_devices, GINT_TO_POINTER (ifindex));
+
+	if (g_udev_device_get_property (udev_device, "NM_UNMANAGED")) {
+		*managed = g_udev_device_get_property_as_boolean (udev_device, "NM_UNMANAGED");
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
 static guint32
 link_get_flags (NMPlatform *platform, int ifindex)
 {
@@ -4530,6 +4544,7 @@ nm_linux_platform_class_init (NMLinuxPlatformClass *klass)
 	platform_class->link_get_name = link_get_name;
 	platform_class->link_get_type = link_get_type;
 	platform_class->link_get_type_name = link_get_type_name;
+	platform_class->link_get_unmanaged = link_get_unmanaged;
 
 	platform_class->link_refresh = link_refresh;
 
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
index 725fb2f347..892f74ab7b 100644
--- a/src/platform/nm-platform.c
+++ b/src/platform/nm-platform.c
@@ -684,6 +684,25 @@ nm_platform_link_get_type_name (int ifindex)
 }
 
 /**
+ * nm_platform_link_get_unmanaged:
+ * @ifindex: Interface index.
+ * @managed: Management status in case %TRUE is returned
+ *
+ * Returns: %TRUE if platform overrides whether the device ought
+ * to be managed by default. %FALSE with @managed unmodified
+ * otherwise.
+ */
+gboolean
+nm_platform_link_get_unmanaged (int ifindex, gboolean *managed)
+{
+	reset_error ();
+
+	g_return_val_if_fail (klass->link_get_unmanaged, FALSE);
+
+	return klass->link_get_unmanaged (platform, ifindex, managed);
+}
+
+/**
  * nm_platform_link_is_software:
  * @ifindex: Interface index.
  *
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
index a49e0f11ba..e96a517fb9 100644
--- a/src/platform/nm-platform.h
+++ b/src/platform/nm-platform.h
@@ -368,6 +368,7 @@ typedef struct {
 	const char *(*link_get_name) (NMPlatform *, int ifindex);
 	NMLinkType (*link_get_type) (NMPlatform *, int ifindex);
 	const char *(*link_get_type_name) (NMPlatform *, int ifindex);
+	gboolean (*link_get_unmanaged) (NMPlatform *, int ifindex, gboolean *managed);
 
 	gboolean (*link_refresh) (NMPlatform *, int ifindex);
 
@@ -515,6 +516,7 @@ int nm_platform_link_get_ifindex (const char *name);
 const char *nm_platform_link_get_name (int ifindex);
 NMLinkType nm_platform_link_get_type (int ifindex);
 const char *nm_platform_link_get_type_name (int ifindex);
+gboolean nm_platform_link_get_unmanaged (int ifindex, gboolean *managed);
 gboolean nm_platform_link_is_software (int ifindex);
 gboolean nm_platform_link_supports_slaves (int ifindex);