author | Ludovic Courtès <ludo@gnu.org> | 2025-06-23 15:15:42 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2025-06-23 15:15:42 +0200 |
commit | 436a00be92c53f5054885eebd200153933b63a1d (patch) | |
tree | 48e6bf9155013471fba488f70b21509e5320aacd | |
parent | 45ece3847a43123fe0e99a4d3f1e498b172d2379 (diff) |
gnu: network-manager: Remove ownership check for plugins.
Fixes <https://issues.guix.gnu.org/78047>.
Fixes a bug on Guix System whereby, when ‘guix-configuration’
has (privileged? #f), NetworkManager would fail to start due to plugins
not being owned by ‘root’.
* gnu/packages/patches/network-manager-plugin-ownership.patch: New file.
* gnu/packages/gnome.scm (network-manager)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Reported-by: Rodion Goritskov <rodion@goritskov.com>
Change-Id: I9fff098788e79d1f00c9605a6067b16078ea0396
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gnome.scm | 6 | ||||
-rw-r--r-- | gnu/packages/patches/network-manager-plugin-ownership.patch | 27 |
3 files changed, 32 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 1b93c21a33..1e2299bca9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1929,6 +1929,7 @@ dist_patch_DATA = \
 %D%/packages/patches/nhc98-c-update.patch \
 %D%/packages/patches/nix-dont-build-html-doc.diff \
 %D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch \
+ %D%/packages/patches/network-manager-plugin-ownership.patch \
 %D%/packages/patches/network-manager-plugin-path.patch \
 %D%/packages/patches/newlib-getentropy.patch \
 %D%/packages/patches/nginx-socket-cloexec.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index bdde4ec785..56dc3f50cf 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014-2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014-2023, 2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014, 2016, 2020 Eric Bavier <bavier@posteo.net>
 ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
@@ -8551,7 +8551,9 @@ users.")
 "NetworkManager/NetworkManager"))
 (commit version)))
 (file-name (git-file-name name version))
- (patches (search-patches "network-manager-plugin-path.patch"))
+ (patches (search-patches
+ "network-manager-plugin-ownership.patch"
+ "network-manager-plugin-path.patch"))
 (sha256
 (base32
 "0fx3yvqrwc9fqphhwvchxls0lgizlz7bxww3riijlvx3pkypqbyr"))))
diff --git a/gnu/packages/patches/network-manager-plugin-ownership.patch b/gnu/packages/patches/network-manager-plugin-ownership.patch
new file mode 100644
index 0000000000..fffdc8f6ff
--- /dev/null
+++ b/gnu/packages/patches/network-manager-plugin-ownership.patch
@@ -0,0 +1,27 @@
+NetworkManager insists that plugins be root-owned. This is the case when running
+guix-daemon with root privileged, but not when running it unprivileged (in that case,
+file in the store belong to the 'guix-daemon' user.)
+
+Skip that test entirely since it doesn't provide any additional safety on Guix System.
+
+See <https://issues.guix.gnu.org/78047>.
+
+diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
+index 895a991..738f8c7 100644
+--- a/src/core/nm-core-utils.c
++++ b/src/core/nm-core-utils.c
+@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
+ return FALSE;
+ }
+
+- if (st->st_uid != 0) {
+- g_set_error_literal(error,
+- NM_UTILS_ERROR,
+- NM_UTILS_ERROR_UNKNOWN,
+- "file has invalid owner (should be root)");
+- return FALSE;
+- }
+-
+ if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
+ g_set_error_literal(error,
+ NM_UTILS_ERROR, |
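Review bot: Dropping the `st->st_uid != 0` test unconditionally in nm_utils_validate_plugin() leaves only the mode test below it, which rejects group/other-writable and setuid files but not a file that a non-root owner can still rewrite. That is harmless for plugins in the read-only store, but the function takes an arbitrary `path`, so if any caller can be pointed at a plugin outside the store (not visible from this hunk), a file owned by an unprivileged user would now pass validation. A narrower change would keep the check and additionally accept the uid that owns the store directory, e.g. `if (st->st_uid != 0 && st->st_uid != store_uid) {`, where `store_uid` is a placeholder for a value taken from stat() on the store. Failing that, the patch header should state explicitly the assumption that plugins only ever come from the store, so the claim of "no additional safety" can be audited. The function's body begins and ends outside the hunk.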