Upstream change the default behavior for wifi.cloned-mac-address/ethernet.cloned-mac-address from "permanet" to "preserve".
See the details in the upstream commit: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=fae5ecec5a4d9987a1915441602cb78275a9f490
This will be part of upstream version 1.6.0 and newer.
When rebasing NM for rhel-7.4, we have to make sure to get this right.
In the simplest case, we just revert the change in default. This is low-effort, but needs a downstream patch. Also, we need QA to ensure we get it right.
Alternatively, I think the new behavior is better and we could change behavior in RHEL. I don't think we should do that for RHEL-7, but it would be an option...
this applies to "wifi.cloned-mac-address" and "ethernet.cloned-mac-address" alike. Testing for ethernet:
- Create a NM connection with ethernet.cloned-mac-address unspecified (which is already the default).
- ensure that the default value is not over-written via global-connection default
(check `/usr/sbin/NetworkManager --print-config` for "cloned-mac-address".
- deactivate the test-ethernet connection
(nmcli device disconnect $IF)
- set a spoofed MAC address outside of NM
(ip link set $IF addr $something)
- activate the connection
- on master, NM would leave the MAC address unchanged (using default behavior ethernet.cloned-mac-address=preserve). On rhel-7.3, the address would be reset to the permanent one.
What is desired behavior on rhel-7.4 must be determined yet.
I don't like that we'll have a behavior different from upstream and
we'll have to carry a patch for all future RHEL 7 releases, but there
is a (probably small) chance to break some users' scenarios if we keep
the upstream default ("preserve"). I vote for changing the default
back to "permanent" for RHEL.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.