gnu: network-manager: Remove ownership check for plugins.

Fixes <https://issues.guix.gnu.org/78047>.

Fixes a bug on Guix System whereby, when ‘guix-configuration’
has (privileged? #f), NetworkManager would fail to start due to plugins
not being owned by ‘root’.

* gnu/packages/patches/network-manager-plugin-ownership.patch: New file.
* gnu/packages/gnome.scm (network-manager)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.

Reported-by: Rodion Goritskov <rodion@goritskov.com>
Change-Id: I9fff098788e79d1f00c9605a6067b16078ea0396
Ludovic Courtès 2025-06-23 15:15:42 +02:00
parent 45ece3847a
commit 436a00be92
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 32 additions and 2 deletions

@ -1929,6 +1929,7 @@ dist_patch_DATA = \
%D%/packages/patches/nhc98-c-update.patch \ %D%/packages/patches/nhc98-c-update.patch \
%D%/packages/patches/nix-dont-build-html-doc.diff \ %D%/packages/patches/nix-dont-build-html-doc.diff \
%D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch \ %D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch \
%D%/packages/patches/network-manager-plugin-ownership.patch \
%D%/packages/patches/network-manager-plugin-path.patch \ %D%/packages/patches/network-manager-plugin-path.patch \
%D%/packages/patches/newlib-getentropy.patch \ %D%/packages/patches/newlib-getentropy.patch \
%D%/packages/patches/nginx-socket-cloexec.patch \ %D%/packages/patches/nginx-socket-cloexec.patch \

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014-2023 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014-2023, 2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2014, 2016, 2020 Eric Bavier <bavier@posteo.net> ;;; Copyright © 2014, 2016, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch> ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
@ -8551,7 +8551,9 @@ users.")
"NetworkManager/NetworkManager")) "NetworkManager/NetworkManager"))
(commit version))) (commit version)))
(file-name (git-file-name name version)) (file-name (git-file-name name version))
(patches (search-patches "network-manager-plugin-path.patch")) (patches (search-patches
"network-manager-plugin-ownership.patch"
"network-manager-plugin-path.patch"))
(sha256 (sha256
(base32 (base32
"0fx3yvqrwc9fqphhwvchxls0lgizlz7bxww3riijlvx3pkypqbyr")))) "0fx3yvqrwc9fqphhwvchxls0lgizlz7bxww3riijlvx3pkypqbyr"))))
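Review bot: The new entry in (search-patches ...) applies network-manager-plugin-ownership.patch to every build of the package, but the commit message describes the failure only for Guix System with (privileged? #f) in 'guix-configuration'. Please add a short comment next to the patch name in the package definition saying why the ownership check is dropped and pointing at <https://issues.guix.gnu.org/78047>, so that the relaxed validation is visible to anyone reading gnome.scm and not only to readers of the patch header.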

@ -0,0 +1,27 @@
NetworkManager insists that plugins be root-owned. This is the case when running
guix-daemon with root privileged, but not when running it unprivileged (in that case,
file in the store belong to the 'guix-daemon' user.)
Skip that test entirely since it doesn't provide any additional safety on Guix System.
See <https://issues.guix.gnu.org/78047>.
diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 895a991..738f8c7 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
return FALSE;
}
- if (st->st_uid != 0) {
- g_set_error_literal(error,
- NM_UTILS_ERROR,
- NM_UTILS_ERROR_UNKNOWN,
- "file has invalid owner (should be root)");
- return FALSE;
- }
-
if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
g_set_error_literal(error,
NM_UTILS_ERROR,
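Review bot: In nm_utils_validate_plugin(), deleting the st->st_uid != 0 test outright leaves only the mode test on S_IWGRP | S_IWOTH | S_ISUID that follows it, so a plugin file owned by any user and writable only by that owner now passes validation. Consider narrowing the change instead of removing it, for example by accepting either root or the expected store owner. Failing that, extend the patch header to explain why an owner-writable, non-root file is not a concern here, since the header only asserts that the test "doesn't provide any additional safety on Guix System". Two wording slips in the header are worth fixing at the same time: "root privileged" should read "root privileges", and "file in the store belong" should read "files in the store belong".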