Fix permissions on folder '/run/NetworkManager/' #422

Merged
merged 2 commits into from Nov 23, 2023
3 changes: 1 addition & 2 deletions netplan_cli/cli/commands/try_command.py
Expand Up @@ -18,7 +18,6 @@
'''netplan try command line'''

import logging
import netplan
import os
import time
import shutil
Expand Down Expand Up @@ -179,7 +178,7 @@ def is_revertable(self):
# more than one device in them, and they can be set with special parameters
# to tweak their behavior, which are really hard to "revert", especially
# as systemd-networkd doesn't necessarily touch them when config changes.
multi_iface = {} # type: dict[str, netplan.NetDefinition]
multi_iface = {} # dict[str, netplan.NetDefinition]
multi_iface.update(np_state.bridges)
multi_iface.update(np_state.bonds)
for itf in multi_iface.values():
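Review bot: the replacement comment on multi_iface in is_revertable() still names netplan.NetDefinition, but without the "type:" prefix it is an ordinary comment, so type checkers no longer check this dict. The earlier hunk also shrinks the import block by one line, which appears to be "import netplan", so the comment now points at a name this file does not import. Either use a real annotation with a name that is imported (for example behind a typing.TYPE_CHECKING guard), or reword the comment in plain language, such as "maps interface id to its NetDefinition".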
11 changes: 10 additions & 1 deletion src/nm.c
Expand Up @@ -618,6 +618,7 @@ write_nm_conf_access_point(const NetplanNetDefinition* def, const char* rootdir,
g_autoptr(GKeyFile) kf = NULL;
g_autofree gchar* conf_path = NULL;
g_autofree gchar* full_path = NULL;
g_autofree gchar* nm_run_path = NULL;
g_autofree gchar* nd_nm_id = NULL;
const gchar* nm_type = NULL;
gchar* tmp_key = NULL;
Expand Down Expand Up @@ -966,8 +967,16 @@ write_nm_conf_access_point(const NetplanNetDefinition* def, const char* rootdir,
}
}

/* NM connection files might contain secrets, and NM insists on tight permissions */
/* Create /run/NetworkManager/ with 755 permissions if the folder is missing.
* Letting the next invokation of safe_mkdir_p_dir do it would result in
* more restrictive access because of the call to umask. */
nm_run_path = g_strjoin(G_DIR_SEPARATOR_S, rootdir ?: "", "run/NetworkManager/", NULL);
if (!g_file_test(nm_run_path, G_FILE_TEST_EXISTS))
Collaborator

nitpick: you had some leading whitespace here, which doesn't match our code style, so I quickly fixed this up.

safe_mkdir_p_dir(nm_run_path);

full_path = g_strjoin(G_DIR_SEPARATOR_S, rootdir ?: "", conf_path, NULL);

/* NM connection files might contain secrets, and NM insists on tight permissions */
orig_umask = umask(077);
safe_mkdir_p_dir(full_path);
if (!g_key_file_save_to_file(kf, full_path, error))
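Review bot: the new comment above g_file_test() promises 755 on /run/NetworkManager/, but nothing in this hunk sets that mode. The result depends on the umask the process inherited, since the only umask() call visible here is the later umask(077). Setting the mode explicitly (a chmod to 0755 after creation, or a temporary umask(022) around the first safe_mkdir_p_dir call) would make the comment hold regardless of the caller's environment. Two smaller points: G_FILE_TEST_EXISTS is also true when the path exists as something other than a directory, so G_FILE_TEST_IS_DIR states the intent more precisely, and "invokation" in the comment should read "invocation". A test that checks the directory mode after generation with a restrictive starting umask would keep this from regressing.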