Bug 1413312 - Fix default behavior for cloned-mac-address with rebase in rhel-7.4 after upstream change
Summary: Fix default behavior for cloned-mac-address with rebase in rhel-7.4 after ups...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Thomas Haller
QA Contact: Desktop QE
Depends On:
Blocks: 1393481
TreeView+ depends on / blocked
Reported: 2017-01-14 20:28 UTC by Thomas Haller
Modified: 2017-08-01 09:22 UTC (History)
9 users (show)

Fixed In Version: NetworkManager-1.8.0-0.3.git20170215.1d40c5f4.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-08-01 09:22:07 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2299 0 normal SHIPPED_LIVE Moderate: NetworkManager and libnl3 security, bug fix and enhancement update 2017-08-01 12:40:28 UTC

Description Thomas Haller 2017-01-14 20:28:04 UTC
Upstream change the default behavior for wifi.cloned-mac-address/ethernet.cloned-mac-address from "permanet" to "preserve".

See the details in the upstream commit: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=fae5ecec5a4d9987a1915441602cb78275a9f490

This will be part of upstream version 1.6.0 and newer.

When rebasing NM for rhel-7.4, we have to make sure to get this right.

In the simplest case, we just revert the change in default. This is low-effort, but needs a downstream patch. Also, we need QA to ensure we get it right.

Alternatively, I think the new behavior is better and we could change behavior in RHEL. I don't think we should do that for RHEL-7, but it would be an option...

Comment 2 Thomas Haller 2017-01-17 18:18:50 UTC
regarding reproducer:

this applies to "wifi.cloned-mac-address" and "ethernet.cloned-mac-address" alike. Testing for ethernet:

- Create a NM connection with ethernet.cloned-mac-address unspecified (which is already the default).
- ensure that the default value is not over-written via global-connection default
(check `/usr/sbin/NetworkManager --print-config` for "cloned-mac-address".
- deactivate the test-ethernet connection
  (nmcli device disconnect $IF)
- set a spoofed MAC address outside of NM
  (ip link set $IF addr $something)
- activate the connection

  - on master, NM would leave the MAC address unchanged (using default behavior ethernet.cloned-mac-address=preserve). On rhel-7.3, the address would be reset to the permanent one.

What is desired behavior on rhel-7.4 must be determined yet.

Comment 3 Beniamino Galvani 2017-02-24 12:48:48 UTC
I don't like that we'll have a behavior different from upstream and
we'll have to carry a patch for all future RHEL 7 releases, but there
is a (probably small) chance to break some users' scenarios if we keep
the upstream default ("preserve"). I vote for changing the default
back to "permanent" for RHEL.

Comment 5 errata-xmlrpc 2017-08-01 09:22:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.