Bug 475468

Summary: knetworkmanager: incorrect default DBUS configuration
Product: [Fedora] Fedora Reporter: Tomas Hoger <thoger>
Component: knetworkmanagerAssignee: Dennis Gilmore <dennis>
Status: CLOSED WORKSFORME QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: high    
Version: 10CC: dennis, kevin, ltinkl, mmcgrath, mwc, rdieter, redhat, roland.wolters, tuxbrewr
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-15 00:11:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Possible new policy file none

Description Tomas Hoger 2008-12-09 11:52:16 UTC 
Recent fix of the DBUS default policy for system bus:
  https://bugs.freedesktop.org/show_bug.cgi?id=18229
  https://bugzilla.redhat.com/show_bug.cgi?id=469151

seems to uncover a bug in knetworkmanager's default DBUS policy.  The policy permits root user to send requests to org.freedesktop.NetworkManagerSettings, though service name registered by knetworkmanager is org.freedesktop.NetworkManagerUserSettings.

Bit more details from the original reporter can be found in bug #475111.
Comment 1 Tomas Hoger 2008-12-09 12:00:30 UTC 
Created attachment 326289 [details]
Possible new policy file

Tries to follow some recommendation mentioned here:
  http://lists.freedesktop.org/archives/dbus/2008-December/010717.html

Loosely based on nm-applet.conf, but there are few differences:
- it keeps .NetworkManagerInfo, not sure whether it's needed
- it allows at_console users to use .NetworkManagerSettings.Secrets interface
- no access for context="default" users (rely on deny now really used by default)

I played with it a bit on one test system with wired connection only.  I can switch to DHCP config fine, but switch to static IP config has no effect.  Also tried with the configuration that should be close to the default config prior to dbus 1.2.6, and static IP config does not work either.  So not sure if this is actually a policy flaw...  Can anyone give it a try on system with some configured wireless connection as well?   Stefan, does this address your problem?
Comment 2 Michael Carney 2008-12-12 02:23:07 UTC 
I tried your proposed policy file, and it looks like it isn't simply a matter of changing the send_destination from NetworkManagerSettings to NetworkManagerUserSettings and deleting the default context. With your policy file, I get the following errors from NetworkManager:

Dec 11 18:14:54 lucy NetworkManager: <WARN>  connection_get_settings_cb(): connection_get_settings_cb: Invalid connection: 'NMSettingIP4Config' / 'addresses' invalid: 1
Dec 11 18:14:59 lucy NetworkManager: <WARN>  wait_for_connection_expired(): Connection (2) /org/freedesktop/NetworkManagerSettings/Connection/1 failed to activate (timeout): (0) Connection was not provided by any settings service

I have a static IP configuration, and used knetworkmanager to set it up.
Comment 3 Steven M. Parrish 2009-04-04 20:28:30 UTC 
Any movement on this issue, or is it still an issue?
Comment 4 Steven M. Parrish 2009-05-15 00:11:08 UTC 
Since there has been no response within the past 30 days going to close this as INSUFFICIENT DATA.
Comment 5 Kevin Kofler 2009-05-15 09:29:26 UTC 
D-Bus was reverted in F10, and knetworkmanager was obsoleted by kde-plasma-networkmanagement in F11.