From 436a00be92c53f5054885eebd200153933b63a1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Mon, 23 Jun 2025 15:15:42 +0200
Subject: [PATCH] gnu: network-manager: Remove ownership check for plugins.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes .
Fixes a bug on Guix System whereby, when ‘guix-configuration’ has (privileged? #f), NetworkManager would fail to start due to plugins not being owned by ‘root’.
* gnu/packages/patches/network-manager-plugin-ownership.patch: New file.
* gnu/packages/gnome.scm (network-manager)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Reported-by: Rodion Goritskov
Change-Id: I9fff098788e79d1f00c9605a6067b16078ea0396
---
 gnu/local.mk | 1 +
 gnu/packages/gnome.scm | 6 +++--
 .../network-manager-plugin-ownership.patch | 27 +++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/network-manager-plugin-ownership.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 1b93c21a33e..1e2299bca9e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1929,6 +1929,7 @@ dist_patch_DATA = \
 %D%/packages/patches/nhc98-c-update.patch \
 %D%/packages/patches/nix-dont-build-html-doc.diff \
 %D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch \
+ %D%/packages/patches/network-manager-plugin-ownership.patch \
 %D%/packages/patches/network-manager-plugin-path.patch \
 %D%/packages/patches/newlib-getentropy.patch \
 %D%/packages/patches/nginx-socket-cloexec.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index bdde4ec785f..56dc3f50cfe 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge
-;;; Copyright © 2014-2023 Ludovic Courtès
+;;; Copyright © 2014-2023, 2025 Ludovic Courtès
 ;;; Copyright © 2014 Ian Denhardt
 ;;; Copyright © 2014, 2016, 2020 Eric Bavier
 ;;; Copyright © 2014, 2015 Federico Beffa
@@ -8551,7 +8551,9 @@ users.")
 "NetworkManager/NetworkManager"))
 (commit version)))
 (file-name (git-file-name name version))
- (patches (search-patches "network-manager-plugin-path.patch"))
+ (patches (search-patches
+ "network-manager-plugin-ownership.patch"
+ "network-manager-plugin-path.patch"))
 (sha256
 (base32
 "0fx3yvqrwc9fqphhwvchxls0lgizlz7bxww3riijlvx3pkypqbyr"))))
diff --git a/gnu/packages/patches/network-manager-plugin-ownership.patch b/gnu/packages/patches/network-manager-plugin-ownership.patch
new file mode 100644
index 00000000000..fffdc8f6ffd
--- /dev/null
+++ b/gnu/packages/patches/network-manager-plugin-ownership.patch
@@ -0,0 +1,27 @@
+NetworkManager insists that plugins be root-owned. This is the case when running
+guix-daemon with root privileged, but not when running it unprivileged (in that case,
+file in the store belong to the 'guix-daemon' user.)
+
+Skip that test entirely since it doesn't provide any additional safety on Guix System.
+
+See .
+
+diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
+index 895a991..738f8c7 100644
+--- a/src/core/nm-core-utils.c
++++ b/src/core/nm-core-utils.c
+@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
+ return FALSE;
+ }
+
+- if (st->st_uid != 0) {
+- g_set_error_literal(error,
+- NM_UTILS_ERROR,
+- NM_UTILS_ERROR_UNKNOWN,
+- "file has invalid owner (should be root)");
+- return FALSE;
+- }
+-
+ if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
+ g_set_error_literal(error,
+ NM_UTILS_ERROR,
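Review bot: Deleting the `st->st_uid != 0` test in `nm_utils_validate_plugin` removes it for every path the function validates, not only for plugins that live in the store. A plugin file owned by an unprivileged account would then pass the remaining `S_IWGRP | S_IWOTH | S_ISUID` mode check, which constrains group/other write and setuid but says nothing about the owner. The patch header's claim that the test adds no safety holds only if every plugin path resolves into the read-only store, and nothing in this hunk shows that. If paths outside the store are possible, keep the test for them, for example `if (st->st_uid != 0 && !g_str_has_prefix(path, STORE_DIR_PLACEHOLDER)) {`, where `STORE_DIR_PLACEHOLDER` stands for the configured store directory. Otherwise, state the store-only assumption in the patch header so it is re-checked on NetworkManager updates; note that the function body continues past the end of the hunk.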