Bug 1422786 - make insufficient permission errors more visible (especially in connection down)
Summary: make insufficient permission errors more visible (especially in connection down)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Beniamino Galvani
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-16 09:13 UTC by Vladimir Benes
Modified: 2017-08-01 09:22 UTC (History)
8 users (show)

Fixed In Version: NetworkManager-1.8.0-0.4.rc3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:22:07 UTC


Attachments (Terms of Use)
[PATCH] cli: check for deactivation failures (2.70 KB, patch)
2017-04-13 13:27 UTC, Beniamino Galvani
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2299 normal SHIPPED_LIVE Moderate: NetworkManager and libnl3 security, bug fix and enhancement update 2017-08-01 12:40:28 UTC

Description Vladimir Benes 2017-02-16 09:13:08 UTC
Description of problem:

[vagrant@dacan NetworkManager-ci]$ sudo nmcli connection down testeth1
Connection 'testeth1' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

[vagrant@dacan NetworkManager-ci]$ nmcli connection up testeth1
Error: Connection activation failed: Not authorized to control networking.

[vagrant@dacan NetworkManager-ci]$ nmcli connection down testeth1
Error: 'testeth1' is not an active connection.
Error: no active connection provided.

[vagrant@dacan NetworkManager-ci]$ sudo nmcli connection up testeth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

[vagrant@dacan NetworkManager-ci]$ nmcli connection down testeth1
Error: Timeout expired (10 seconds)

^^ This is weird as it timeouts rather than saying you don't have permissions and quitting immediately 


[vagrant@dacan NetworkManager-ci]$ rpm -q NetworkManager
NetworkManager-1.6.3-16765.0770d7e68e.el7.centos.x86_64
 
[vagrant@dacan NetworkManager-ci]$ nmcli general permissions 
PERMISSION                                                 VALUE 
org.freedesktop.NetworkManager.enable-disable-network      no    
org.freedesktop.NetworkManager.enable-disable-wifi         no    
org.freedesktop.NetworkManager.enable-disable-wwan         no    
org.freedesktop.NetworkManager.enable-disable-wimax        no    
org.freedesktop.NetworkManager.sleep-wake                  no    
org.freedesktop.NetworkManager.network-control             auth  
org.freedesktop.NetworkManager.wifi.share.protected        no    
org.freedesktop.NetworkManager.wifi.share.open             no    
org.freedesktop.NetworkManager.settings.modify.system      auth  
org.freedesktop.NetworkManager.settings.modify.own         auth  
org.freedesktop.NetworkManager.settings.modify.hostname    auth  
org.freedesktop.NetworkManager.settings.modify.global-dns  auth  
org.freedesktop.NetworkManager.reload                      auth  
org.freedesktop.NetworkManager.checkpoint-rollback         auth  
org.freedesktop.NetworkManager.enable-disable-statistics   no

Comment 1 Beniamino Galvani 2017-04-13 13:27:37 UTC
Created attachment 1271434 [details]
[PATCH] cli: check for deactivation failures

Comment 2 Thomas Haller 2017-04-13 13:34:47 UTC
(In reply to Beniamino Galvani from comment #1)
> Created attachment 1271434 [details]
> [PATCH] cli: check for deactivation failures

lgtm

Comment 5 errata-xmlrpc 2017-08-01 09:22:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2299


Note You need to log in before you can comment on or make changes to this bug.