Bug 1187525
| Summary: | Enable privacy extensions by default | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | David Jaša <djasa> |
| Component: | NetworkManager | Assignee: | Thomas Haller <thaller> |
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | medium | Docs Contact: | Mark Flitter <mflitter> |
| Priority: | medium | ||
| Version: | 7.1 | CC: | danw, dcbw, jklimes, lrintel, phiporiphic, rkhan, thaller, tpelka, vbenes |
| Target Milestone: | rc | ||
| Target Release: | 7.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Release Note | |
| Doc Text: |
IPv6 Privacy extensions now enabled by default
To determine and set IPv6 privacy settings at device activation, NetworkManager now checks its network configuration in NetworkManager.conf by default, and falls back to "/proc/sys/net/ipv6/conf/default/use_tempaddr" if necessary.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-19 10:59:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
David Jaša
2015-01-30 10:57:55 UTC
you can easily do: nmcli connection modify $connection ipv6.ip6-privacy [1,2] Nevertheless, this says nothing about the defaults. (In reply to Vladimir Benes from comment #1) > you can easily do: > nmcli connection modify $connection ipv6.ip6-privacy [1,2] > > Nevertheless, this says nothing about the defaults. Yeah. Doing it for each and every connection is pretty onerous and forgetting-prone. The default settings should be good. Upstream merged http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=18ecf48d7a9d03194db1b65ef46e386284426f89 With those patches, you can now configure ipv6.ip6-privacy 1) per-connection 2) fallback to NM-wide config in NetworkManager.conf 3) fallback to /proc/sys/net/ipv6/conf/default/use_tempaddr We no longer read the static files /etc/sysctl.conf and /lib/sysctl.d/sysctl.conf as we used to. But instead we fallback to /proc/sys/net/ipv6/conf/default/use_tempaddr (3), which means that the ultimate default-value is not determined by the NetworkManager.conf package. That has the advantage, that the same default value is used for autoconf in kernel (accept_ra). I prefer that NM does not define it's own default-value, but falls back to other configuration. To fix this bug for NM, we need the upstream mentioned patches 18ecf48d. But note that the ~default~ value is still not determined by NM package. With this to configure a default-value either: a) put a file /etc/NetworkManager/conf.d/01-default-ip6-privacy.conf: [connection.ip6-privacy] ipv6.ip6-privacy=1 b) or a file /etc/sysctl.d/99-default-ip6-privacy.conf: net.ipv6.conf.default.use_tempaddr=1 How does that sound? The change is now also in nm-1-0 branch which will make it to RHEL 7.2. http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-0&id=2f51ba50df8341370ab1f480f9ec6d60cd32ece2 Default privacy can now be configured system wide or per connection on all supported architectures. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2315.html |