Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) #300

Merged
merged 3 commits into from
Nov 29, 2022

Conversation

slyon
Copy link
Collaborator

@slyon slyon commented Nov 24, 2022

Description

  • add default "wakeonlan" settings for ethernet devices only (NetworkManager 1.40 compat)
  • Write YAML files using 0o600 permission
  • YAML files written by the user or a (external) tool (e.g. "netplan set", NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi passwords), so should stay secret (root/owner read-only).

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. LP#1997348, LP#1862600

Starting with NM 1.40 keyfiles can contain an empty [ethernet] section, even
on non-ethernet devices (e.g. bridges), but Netplan's "wakeonlan" setting is
not supported on those.
The YAML files written might contain sensitive information, such as WiFi
passwords. Therefore, they should be root/owner read-only by default.
@slyon slyon changed the title NetworkManager 1.40 compat & file permission fixes ((LP: #1862600, LP: #1997348) NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) Nov 24, 2022
Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

It just broke autopkgtest I guess due to the new output.

src/parse.c Outdated Show resolved Hide resolved
YAML files written by the user or a (external) tool (e.g. "netplan set",
NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi
passwords), so should stay secret (root/owner read-only).
@slyon
Copy link
Collaborator Author

slyon commented Nov 29, 2022

Thanks for your review @daniloegea! I think I addressed all of your comments.
PTAL.

Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants