|
Bugzilla – Full Text Bug Listing |
| Summary: | NetworkManager: broken privilege handling | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 12.1 | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Network | Assignee: | Ludwig Nussel <lnussel> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Major | ||
| Priority: | P1 - Urgent | CC: | bruno, coolo, dimstar, dutchkind, forgotten_--EoyBps8f, forgotten_0FuaAO3939, holler, martin.schlander, melchiaros, robert-suse, vuntz, wstephenson |
| Version: | RC 2 | Flags: | coolo:
SHIP_STOPPER+
|
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Ludwig Nussel
2011-08-23 07:21:20 UTC
This needs to be fixed or worked around as last resort. https://bugzilla.gnome.org/show_bug.cgi?id=646187 is the upstream bug about this. I'm unsure how easy this is fixable. (FWIW, the workaround is easy: change the policy for org.freedesktop.NetworkManager.settings.modify.own) Ludwig, So I'm still not understand your issue clearly, what's the wrong dialogs, And I viewed the bgo which in comment #2, so the workaround is let the WPA2 enterprise network use the org.freedesktop.NetworkManager.settings.modify.own while not org.freedesktop.NetworkManager.settings.modify.system, so that it wouldn't need to require PK authentication, right? Even without WPA2 enterprise the pk auth and root password appear. I suspect that's used by NM to update the last time connected :-( and it ask also (which seems normal) opening my kwallet (In reply to comment #3) > So I'm still not understand your issue clearly, what's the wrong dialogs, Try it out then you'll see. > And I viewed the bgo which in comment #2, so the workaround is let the WPA2 > enterprise network use the org.freedesktop.NetworkManager.settings.modify.own > while not org.freedesktop.NetworkManager.settings.modify.system, so that it > wouldn't need to require PK authentication, right? No. See the NM mailinglist for an analysis: http://mail.gnome.org/archives/networkmanager-list/2011-September/msg00216.html *** Bug 722033 has been marked as a duplicate of this bug. *** For me this bug is really a release-blocker! I would love if someone could tell me in detail how to work-around this bug. I think, that I'm not able to figure out how to change the PolicyKit settings might be another bug. I really don't get it. :/ Kind regards, Robert As root: - make sure package polkit-default-privs is installed - edit /etc/polkit-default-privs.local - add these lines: org.freedesktop.NetworkManager.settings.modify.own yes org.freedesktop.NetworkManager.settings.modify.system yes - run /sbin/set_polkit_default_privs HTH, Hans-Peter @Ludwig: yes, this is ugly and insecure, but if you want a working system ... ;-) Please try home:lnussel:branches:GNOME:Factory/NetworkManager That worksforme, on startup and resume from sleep Can you do something similar for modemmanager? org.freedesktop.ModemManager.Device.Control is privileged, and required for SIM unlock, and granting this to a user with polkit is not remembered. I wasn't even aware that the user directly talks to MM. I thought NM acts as proxy. org.freedesktop.ModemManager.Device.Control is most likely an entirely different, unrelated problem. Probably even works as designed. Sorry, http://download.opensuse.org/repositories/home:/lnussel:/branches:/GNOME:/ is empty. Waiting for Factory :-) oops, publishing was disabled. I've enable it now. Meanwhile you can still fetch the packages using "osc getbinaries" Ludwig: thanks for submitting your fixes (https://build.opensuse.org/request/show/87842). Just checking with you: we'll use those patches for 12.1, but can I assume it's fine to drop them once 12.1 is released in Factory so we can get the real fixes later on? Btw, does this mean we will still require root authentication for org.freedesktop.NetworkManager.settings.modify.own? yes and yes. Note that the system vs user connection thing doesn't make much sense with NM 0.9. Ludwig, So I thought you could close it as fixed. Assign to you. This is an autogenerated message for OBS integration: This bug (713639) was mentioned in https://build.opensuse.org/request/show/88130 Factory / NetworkManager done This is back with RC2 please describe what you did and how to reproduce Steps to reproduce * go to the networkmanager plasmoid * add a new wireless connection for the "Novell" network (enter user and pw) * make sure that "system connection" isn't activated * save configuration -> NM requires the root password and creates a system connection in /etc/NetworkManager/system-connections I'm not sure if this is really the same bug or just another bug in the networkmanager plasmoid because "system connection" was not activated. This is expected. The bug is about activating such a connection, not about creating it. With NM all connections are in fact system connections. The checkbox previously known as 'system connection' just controls who is allowed to activate the connection. GNOME therefore calls this option "available to all users". Ludwig, thanks a lot for the information. @Will: IMHO the "system connection" string in the plasmoid should be renamed as well. Hi Lugwig, I've report the duplicate bug here (https://bugzilla.novell.com/show_bug.cgi?id=722033) just to confirm my understanding, it is expected/normal for Networkmanager to request for root privileges before connecting to wireless access point? (If memory does not fail me, believe that root privileges is not required in 11.2 or some other distribution.) Thanks in advance for the clarification. (In reply to comment #25) > just to confirm my understanding, it is expected/normal for Networkmanager to > request for root privileges before connecting to wireless access point? (If > memory does not fail me, believe that root privileges is not required in 11.2 > or some other distribution.) No. Creating needs root privileges because the connection is not stored within you user's folders but within the base-system. Connecting does not need root privileges. The really bad thing about it is though that AFAIK formatting / and keeping /home will lose your connections. I still fail to see the logic of this decision. There are many laptop users out there that have no admin rights, but need to set up connections while on the road. You can't expect them to call the system admin for this each time they have to connect to a wireless system. This makes the whole networkmanager a useless system with a lot of hassle. (In reply to comment #27) > I still fail to see the logic of this decision. There are many laptop users out > there that have no admin rights, but need to set up connections while on the > road. You can't expect them to call the system admin for this each time they > have to connect to a wireless system. This makes the whole networkmanager a > useless system with a lot of hassle. Your admin should be able to set policykit's settings to something he thinks is sensible. If he wants you do be able to create connections, he can. Since this is a bug report, please keep discussion to the mailinglist, e.g. opensuse@. |