|Summary:||NM should allow admins in non-local sessions to control the network|
|Product:||[Fedora] Fedora||Reporter:||Marius Vollmer <mvollmer>|
|Component:||NetworkManager||Assignee:||Dan Williams <dcbw>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||21||CC:||dcbw, psimerda, sgallagh, stefw|
|Fixed In Version:||NetworkManager-0.9.10.0-10.git20140704.fc21||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2014-10-31 02:43:38 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||1094121, 1144010, 1145747|
Description Marius Vollmer 2014-09-23 12:21:20 UTC
NetworkManager-0.9.10.0-5.git20140704.fc21.x86_64 Cockpit allows configuration of the network via NetworkManager. This works well for admin users except the actual activation/deactivation of connections. I think at least "org.freedesktop.NetworkManager.network-control" should have <allow_any>auth_admin</allow_any> (Others actions might need adjusting, too.)
Comment 1 Dan Williams 2014-09-23 17:19:50 UTC
Yeah, this should get fixed and non-local users should have access to this stuff. We changed that earlier this year for other tasks, and I don't remember why we didn't fix that up for this too.
Comment 2 Marius Vollmer 2014-09-24 07:36:14 UTC
> Yeah, this should get fixed and non-local users should have access to this stuff. Ok, nice that we agree! We would like to have this in Fedora 21 still, but we can carefully work around this with a simple polkit rule, so if there is a reason why this can't be fixed in time in the NM package, that is no problem.
Comment 3 Stef Walter 2014-09-24 07:41:33 UTC
Actually the Fedora Server WG discussed this yesterday, and wants us to first and foremost pursue fixing these things in the package with the broken policy ... only including such an overriding polkit rule if all else fails. http://meetbot.fedoraproject.org/fedora-meeting-1/2014-09-23/fedora-meeting-1.2014-09-23-15.01.log.html
Comment 4 Marius Vollmer 2014-10-06 08:17:31 UTC
Created attachment 944168 [details] Allow non-local admin sessions to control the network. Proposed patch.
Comment 5 Stef Walter 2014-10-06 09:03:47 UTC
Created attachment 944187 [details] Fix broken polkit policy Resolves: rhbz#1145646
Comment 6 Stef Walter 2014-10-06 09:05:34 UTC
Also added patch which can be merged into the Fedora 21 package to fix this issue during the Beta if upstream NetworkManager does not update. The alternative, is for Cockpit to install a polkit rules.d which overrides the NetworkManager policy. Scratch build with this patch: http://koji.fedoraproject.org/koji/taskinfo?taskID=7773139
Comment 7 Marius Vollmer 2014-10-07 06:37:49 UTC
(In reply to Stef Walter from comment #6) > Scratch build with this patch: > http://koji.fedoraproject.org/koji/taskinfo?taskID=7773139 I have tested this, and it works as expected. I tested both manually and by reverting "c7a9269 polkit: Tweak policy to work for Cockpit" in Cockpit and running the integration tests.
Comment 8 Dan Williams 2014-10-13 21:03:38 UTC
Pushed upstream to git master and nm-0-9-10.
Comment 9 Fedora Update System 2014-10-13 21:42:21 UTC
NetworkManager-0.9.10.0-7.git20140704.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/NetworkManager-0.9.10.0-7.git20140704.fc21
Comment 10 Fedora Update System 2014-10-16 02:01:32 UTC
Package NetworkManager-0.9.10.0-7.git20140704.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-0.9.10.0-7.git20140704.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-12865/NetworkManager-0.9.10.0-7.git20140704.fc21 then log in and leave karma (feedback).
Comment 11 Fedora Update System 2014-10-29 10:43:01 UTC
NetworkManager-0.9.10.0-10.git20140704.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/FEDORA-2014-13679/NetworkManager-0.9.10.0-10.git20140704.fc21
Comment 12 Fedora Update System 2014-10-31 02:43:38 UTC
NetworkManager-0.9.10.0-10.git20140704.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.