Bug 1362542
| Summary: | warn nicely about insufficient permissions when changing logging level | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Vladimir Benes <vbenes> |
| Component: | NetworkManager | Assignee: | Beniamino Galvani <bgalvani> |
| Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | aloughla, atragler, bgalvani, dcbw, lrintel, rkhan, thaller |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-03 19:27:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Attachments: | |||
|
Description
Vladimir Benes
2016-08-02 13:14:53 UTC
Created attachment 1187415 [details]
[PATCH 1/2] core: add nm_bus_manager_ensure_root() helper
Created attachment 1187416 [details]
[PATCH 2/2] core: drop some rules from dbus policy file
For the second patch, the reason Sleep() didn't have these checks originally is for pm-tools. These were scripts that used to trigger sleep/wake before systemd and upower, and I think we still technically support them. They used to call dbus-send without --wait-reply, which means the dbus-send process didn't exist at the time NM asks dbus-daemon for the name-owner to ensure root, which caused the sleep calls to fail. So we either decide to no longer support pm-utils and manual sleep/wake calls without --wait-reply, or we keep the root-only rule in the dbus permissions file. Otherwise LGTM. Created attachment 1188568 [details] [PATCH 2/2] core: drop some rules from dbus policy file (In reply to Dan Williams from comment #3) > So we either decide to no longer support pm-utils and manual sleep/wake > calls without --wait-reply, or we keep the root-only rule in the dbus > permissions file. I've updated the second patch to leave the existing checks for the Sleep() call, so that we don't break pm-utils. Created attachment 1192098 [details]
[PATCH v2 1/2] core: drop root requirement for load_connection(s)/set_logging D-Bus calls
Created attachment 1192099 [details]
[PATCH v2 2/2] cli: return sane error message for D-Bus policy permission errors
After discussion with Thomas, I have removed the checks in the daemon
and restored them in the d-bus configuration; nmcli now translates the
D-Bus denial error in something more user-friendly.
lgtm (both from v2) Both applied to nm-1-4 (and master): https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-4&id=a77ed0de9729ebcc9cb96d5bd1f4bd4da9d4e0d5 https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-4&id=e9f96024ae0abc8530ed8bd63ee7e3a7e615f587 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2581.html |