Red Hat Bugzilla – Bug 1413312
Fix default behavior for cloned-mac-address with rebase in rhel-7.4 after upstream change
Last modified: 2017-08-01 05:22:07 EDT
Upstream change the default behavior for wifi.cloned-mac-address/ethernet.cloned-mac-address from "permanet" to "preserve". See the details in the upstream commit: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=fae5ecec5a4d9987a1915441602cb78275a9f490 This will be part of upstream version 1.6.0 and newer. When rebasing NM for rhel-7.4, we have to make sure to get this right. In the simplest case, we just revert the change in default. This is low-effort, but needs a downstream patch. Also, we need QA to ensure we get it right. Alternatively, I think the new behavior is better and we could change behavior in RHEL. I don't think we should do that for RHEL-7, but it would be an option...
regarding reproducer: this applies to "wifi.cloned-mac-address" and "ethernet.cloned-mac-address" alike. Testing for ethernet: - Create a NM connection with ethernet.cloned-mac-address unspecified (which is already the default). - ensure that the default value is not over-written via global-connection default (check `/usr/sbin/NetworkManager --print-config` for "cloned-mac-address". - deactivate the test-ethernet connection (nmcli device disconnect $IF) - set a spoofed MAC address outside of NM (ip link set $IF addr $something) - activate the connection - on master, NM would leave the MAC address unchanged (using default behavior ethernet.cloned-mac-address=preserve). On rhel-7.3, the address would be reset to the permanent one. What is desired behavior on rhel-7.4 must be determined yet.
I don't like that we'll have a behavior different from upstream and we'll have to carry a patch for all future RHEL 7 releases, but there is a (probably small) chance to break some users' scenarios if we keep the upstream default ("preserve"). I vote for changing the default back to "permanent" for RHEL.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2299