diff --git a/.gitignore b/.gitignore index 8750c30c43..d4e172c0c6 100644 --- a/.gitignore +++ b/.gitignore @@ -71,8 +71,8 @@ test-*.trs /src/nm-dispatcher/org.freedesktop.nm_dispatcher.service /src/nm-dispatcher/tests/test-dispatcher-envp -/src/nm-sudo/nm-sudo -/src/nm-sudo/org.freedesktop.nm.sudo.service +/src/nm-priv-helper/nm-priv-helper +/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service /data/NetworkManager.service /data/NetworkManager-wait-online.service @@ -82,6 +82,7 @@ test-*.trs /data/org.freedesktop.NetworkManager.policy /data/org.freedesktop.NetworkManager.policy.in /data/nm-sudo.service +/data/nm-priv-helper.service /docs/api/version.xml /docs/api/settings-spec.html @@ -436,6 +437,8 @@ test-*.trs /src/ndisc/tests/test-ndisc-linux /src/nm-daemon-helper/nm-daemon-helper /src/nm-iface-helper +/src/nm-sudo/nm-sudo +/src/nm-sudo/org.freedesktop.nm.sudo.service /src/platform/tests/dump /src/platform/tests/monitor /src/platform/tests/platform diff --git a/Makefile.am b/Makefile.am index 6023b457c2..ceb08a38fe 100644 --- a/Makefile.am +++ b/Makefile.am @@ -506,8 +506,8 @@ src_libnm_base_libnm_base_la_SOURCES = \ src/libnm-base/nm-ethtool-utils-base.h \ src/libnm-base/nm-net-aux.c \ src/libnm-base/nm-net-aux.h \ - src/libnm-base/nm-sudo-utils.c \ - src/libnm-base/nm-sudo-utils.h \ + src/libnm-base/nm-priv-helper-utils.c \ + src/libnm-base/nm-priv-helper-utils.h \ $(NULL) src_libnm_base_libnm_base_la_LDFLAGS = \ @@ -2590,8 +2590,8 @@ src_core_libNetworkManager_la_SOURCES = \ src/core/nm-rfkill-manager.h \ src/core/nm-session-monitor.c \ src/core/nm-session-monitor.h \ - src/core/nm-sudo-call.c \ - src/core/nm-sudo-call.h \ + src/core/nm-priv-helper-call.c \ + src/core/nm-priv-helper-call.h \ src/core/nm-keep-alive.c \ src/core/nm-keep-alive.h \ src/core/nm-sleep-monitor.c \ 
@@ -4555,16 +4555,16 @@ EXTRA_DIST += \ $(NULL) ############################################################################### -# src/nm-sudo +# src/nm-priv-helper ############################################################################### -libexec_PROGRAMS += src/nm-sudo/nm-sudo +libexec_PROGRAMS += src/nm-priv-helper/nm-priv-helper -src_nm_sudo_nm_sudo_SOURCES = \ - src/nm-sudo/nm-sudo.c \ +src_nm_priv_helper_nm_priv_helper_SOURCES = \ + src/nm-priv-helper/nm-priv-helper.c \ $(NULL) -src_nm_sudo_nm_sudo_CPPFLAGS = \ +src_nm_priv_helper_nm_priv_helper_CPPFLAGS = \ $(dflt_cppflags) \ -I$(builddir)/src/libnm-core-public \ -I$(srcdir)/src/libnm-core-public \ @@ -4575,12 +4575,12 @@ src_nm_sudo_nm_sudo_CPPFLAGS = \ $(GLIB_CFLAGS) \ $(NULL) -src_nm_sudo_nm_sudo_LDFLAGS = \ +src_nm_priv_helper_nm_priv_helper_LDFLAGS = \ -Wl,--version-script="$(srcdir)/linker-script-binary.ver" \ $(SANITIZER_EXEC_LDFLAGS) \ $(NULL) -src_nm_sudo_nm_sudo_LDADD = \ +src_nm_priv_helper_nm_priv_helper_LDADD = \ src/libnm-base/libnm-base.la \ src/libnm-glib-aux/libnm-glib-aux.la \ src/libnm-std-aux/libnm-std-aux.la \ 
@@ -4588,20 +4588,20 @@ src_nm_sudo_nm_sudo_LDADD = \ $(GLIB_LIBS) \ $(NULL) -src/nm-sudo/org.freedesktop.nm.sudo.service: $(srcdir)/src/nm-sudo/org.freedesktop.nm.sudo.service.in +src/nm-priv-helper/org.freedesktop.nm-priv-helper.service: $(srcdir)/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in @sed \ -e 's|@libexecdir[@]|$(libexecdir)|g' \ $< >$@ -dbusactivation_DATA += src/nm-sudo/org.freedesktop.nm.sudo.service -CLEANFILES += src/nm-sudo/org.freedesktop.nm.sudo.service +dbusactivation_DATA += src/nm-priv-helper/org.freedesktop.nm-priv-helper.service +CLEANFILES += src/nm-priv-helper/org.freedesktop.nm-priv-helper.service -dbusservice_DATA += src/nm-sudo/nm-sudo.conf +dbusservice_DATA += src/nm-priv-helper/nm-priv-helper.conf EXTRA_DIST += \ - src/nm-sudo/nm-sudo.conf \ - src/nm-sudo/org.freedesktop.nm.sudo.service.in \ - src/nm-sudo/meson.build \ + src/nm-priv-helper/nm-priv-helper.conf \ + src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in \ + src/nm-priv-helper/meson.build \ $(NULL) ############################################################################### @@ -5294,7 +5294,7 @@ systemdsystemunit_DATA += \ data/NetworkManager.service \ data/NetworkManager-wait-online.service \ data/NetworkManager-dispatcher.service \ - data/nm-sudo.service \ + data/nm-priv-helper.service \ $(NULL) data/NetworkManager.service: $(srcdir)/data/NetworkManager.service.in @@ -5311,7 +5311,7 @@ endif data/NetworkManager-dispatcher.service: $(srcdir)/data/NetworkManager-dispatcher.service.in $(AM_V_GEN) $(data_edit) $< >$@ -data/nm-sudo.service: $(srcdir)/data/nm-sudo.service.in +data/nm-priv-helper.service: $(srcdir)/data/nm-priv-helper.service.in $(AM_V_GEN) $(data_edit) $< >$@ endif 
@@ -5343,7 +5343,7 @@ EXTRA_DIST += \ data/NetworkManager-wait-online-systemd-pre200.service.in \ data/NetworkManager-wait-online.service.in \ data/NetworkManager.service.in \ - data/nm-sudo.service.in \ + data/nm-priv-helper.service.in \ data/meson.build \ data/nm-shared.xml \ data/server.conf.in \ @@ -5353,7 +5353,7 @@ CLEANFILES += \ data/NetworkManager-dispatcher.service \ data/NetworkManager-wait-online.service \ data/NetworkManager.service \ - data/nm-sudo.service \ + data/nm-priv-helper.service \ data/server.conf \ $(NULL) diff --git a/NEWS b/NEWS index ad80554757..1165a6460f 100644 --- a/NEWS +++ b/NEWS @@ -30,8 +30,8 @@ Overview of changes since NetworkManager-1.32 Adjust the "dns-priority" to your liking after import yourself. * NetworkManager no longer listens for netlink events for traffic control objects (qdiscs and filters). -* core: add internal nm-sudo service for separating privileges and have - a way to drop capabilities from NetworkManager daemon. +* core: add internal nm-priv-helper service for separating privileges + and have a way to drop capabilities from NetworkManager daemon. * bond: add support for setting queue-id of bond port. * dns: support configuring DNS over TLS (DoT) with systemd-resolved. * nmtui: add support for WireGuard profiles. diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index f1b814cbd0..7630b82182 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -40,7 +40,7 @@ %global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[0-9][0-9]*\\)\\.[0-9][0-9]*$/\\1/p') -%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-sudo.service +%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service %global systemd_units_cloud_setup nm-cloud-setup.service nm-cloud-setup.timer 
@@ -943,7 +943,7 @@ if [ $1 -eq 0 ]; then /usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || : fi -%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-sudo.service +%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service nm-priv-helper.service %if %{with nm_cloud_setup} @@ -977,7 +977,7 @@ fi %files %{dbus_sys_dir}/org.freedesktop.NetworkManager.conf %{dbus_sys_dir}/nm-dispatcher.conf -%{dbus_sys_dir}/nm-sudo.conf +%{dbus_sys_dir}/nm-priv-helper.conf %{dbus_sys_dir}/nm-ifcfg-rh.conf %{_sbindir}/%{name} %{_bindir}/nmcli @@ -1002,7 +1002,7 @@ fi %{_libexecdir}/nm-dispatcher %{_libexecdir}/nm-initrd-generator %{_libexecdir}/nm-daemon-helper -%{_libexecdir}/nm-sudo +%{_libexecdir}/nm-priv-helper %dir %{_libdir}/%{name} %dir %{nmplugindir} %{nmplugindir}/libnm-settings-plugin*.so @@ -1026,7 +1026,7 @@ fi %dir %{_localstatedir}/lib/NetworkManager %dir %{_sysconfdir}/sysconfig/network-scripts %{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service -%{_datadir}/dbus-1/system-services/org.freedesktop.nm.sudo.service +%{_datadir}/dbus-1/system-services/org.freedesktop.nm-priv-helper.service %{_datadir}/polkit-1/actions/*.policy %{_prefix}/lib/udev/rules.d/*.rules %if %{with firewalld_zone} @@ -1036,7 +1036,7 @@ fi %{systemd_dir}/NetworkManager.service %{systemd_dir}/NetworkManager-wait-online.service %{systemd_dir}/NetworkManager-dispatcher.service -%{systemd_dir}/nm-sudo.service +%{systemd_dir}/nm-priv-helper.service %dir %{_datadir}/doc/NetworkManager/examples %{_datadir}/doc/NetworkManager/examples/server.conf %doc NEWS AUTHORS README CONTRIBUTING.md TODO diff --git a/data/meson.build b/data/meson.build index edb6418d0e..35e3de5254 100644 --- a/data/meson.build +++ b/data/meson.build 
@@ -11,7 +11,7 @@ if install_systemdunitdir services = [ 'NetworkManager-dispatcher.service.in', 'NetworkManager.service.in', - 'nm-sudo.service.in', + 'nm-priv-helper.service.in', ] if have_systemd_200 diff --git a/data/nm-priv-helper.service.in b/data/nm-priv-helper.service.in new file mode 100644 index 0000000000..aa028e6c1d --- /dev/null +++ b/data/nm-priv-helper.service.in 
@@ -0,0 +1,79 @@
+[Unit]
+Description=NetworkManager Privileged Helper
+
+#
+# nm-priv-helper exists for privilege separation. It allows to run
+# NetworkManager without certain capabilities, and ask nm-priv-helper
+# for special operations where more privileges are required.
+#
+
+# While nm-priv-helper has privileges that NetworkManager has not, it
+# does not mean that itself should run totally unconstrained. On the
+# contrary, it also should only have permissions it requires.
+#
+# nm-priv-helper rejects all requests that come from any other than the
+# name owner of "org.freedesktop.NetworkManager" (that is,
+# NetworkManager process itself). It is thus only an implementation
+# detail and provides no public API to the user.
+
+[Service]
+Type=dbus
+BusName=org.freedesktop.nm-priv-helper
+ExecStart=@libexecdir@/nm-priv-helper
+NotifyAccess=main
+
+# Extra configuration options. Set via `systemctl edit
+# nm-priv-helper.service`:
+#
+# FOR TESTING ONLY: disable authentication to allow requests from
+# everybody. Don't set this outside of testing!
+#Environment=NM_PRIV_HELPER_NO_AUTH_FOR_TESTING=1
+#
+# The logging level for debug messages (to stdout).
+#Environment=NM_PRIV_HELPER_LOG=TRACE
+#
+# nm-priv-helper will exit on idle after timeout. Set timeout here or
+# set to 2147483647 for infinity.
+
+#Environment=NM_PRIV_HELPER_IDLE_TIMEOUT_MSEC=10000
+
+
+# Restrict:
+AmbientCapabilities=
+CapabilityBoundingSet=
+PrivateDevices=true
+PrivateMounts=true
+PrivateNetwork=true
+PrivateTmp=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictAddressFamilies=
+RestrictNamespaces=true
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@swap
+NoNewPrivileges=true
+SupplementaryGroups=
+
+# Grant:
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+PrivateUsers=no
+RestrictAddressFamilies=AF_UNIX
+SystemCallFilter=@resources
+
+
+[Install]
+Alias=dbus-org.freedesktop.nm-priv-helper.service
diff --git a/data/nm-sudo.service.in b/data/nm-sudo.service.in
deleted file mode 100644
index 5f8701009b..0000000000
--- a/data/nm-sudo.service.in
+++ /dev/null
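Review bot: The `SystemCallFilter=~@…` deny-list entries in the `# Restrict:` block are not paired with `SystemCallArchitectures=native`, which systemd.exec(5) recommends so that a secondary ABI cannot be used to get around the filter. Adding `SystemCallArchitectures=native` after the last `SystemCallFilter=` line would close that gap. `RestrictSUIDSGID=true` and `LockPersonality=true` look compatible with a helper whose job is to hand out a socket FD, but that needs confirming against the binary. The unit keeps `CAP_DAC_OVERRIDE` in its bounding set, so the sandbox around it is worth tightening as far as the helper tolerates.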
@@ -1,75 +0,0 @@
-[Unit]
-Description=NetworkManager Sudo Helper
-#
-# nm-sudo exists for privilege separation. It allows to run NetworkManager
-# without certain capabilities, and ask nm-sudo for special operations
-# where more privileges are required.
-#
-# While nm-sudo has privileges that NetworkManager has not, it does not
-# mean that itself should run totally unconstrained. On the contrary, it
-# also should only have permissions it requires.
-#
-# nm-sudo rejects all requests that come from any other than the name
-# owner of "org.freedesktop.NetworkManager" (that is, NetworkManager process
-# itself). It is thus only an implementation detail and provides no public
-# API to the user.
-
-[Service]
-Type=dbus
-BusName=org.freedesktop.nm.sudo
-ExecStart=@libexecdir@/nm-sudo
-NotifyAccess=main
-
-# Extra configuration options. Set via `systemctl edit nm-sudo.service`:
-#
-# FOR TESTING ONLY: disable authentication to allow requests from
-# everybody. Don't set this outside of testing!
-#Environment=NM_SUDO_NO_AUTH_FOR_TESTING=1
-#
-# The logging level for debug messages (to stdout).
-#Environment=NM_SUDO_LOG=TRACE
-#
-# nm-sudo will exit on idle after timeout. Set timeout here
-# or set to 2147483647 for infinity.
-#Environment=NM_SUDO_IDLE_TIMEOUT_MSEC=10000
-
-
-# Restrict:
-AmbientCapabilities=
-CapabilityBoundingSet=
-PrivateDevices=true
-PrivateMounts=true
-PrivateNetwork=true
-PrivateTmp=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-RestrictAddressFamilies=
-RestrictNamespaces=true
-SystemCallFilter=~@clock
-SystemCallFilter=~@cpu-emulation
-SystemCallFilter=~@debug
-SystemCallFilter=~@module
-SystemCallFilter=~@mount
-SystemCallFilter=~@obsolete
-SystemCallFilter=~@privileged
-SystemCallFilter=~@raw-io
-SystemCallFilter=~@reboot
-SystemCallFilter=~@swap
-NoNewPrivileges=true
-SupplementaryGroups=
-
-# Grant:
-CapabilityBoundingSet=CAP_DAC_OVERRIDE
-PrivateUsers=no
-RestrictAddressFamilies=AF_UNIX
-SystemCallFilter=@resources
-
-
-[Install]
-Alias=dbus-org.freedesktop.nm.sudo.service
diff --git a/po/POTFILES.skip b/po/POTFILES.skip
index 399b1e6b5c..1daa617b91 100644
--- a/po/POTFILES.skip
+++ b/po/POTFILES.skip
@@ -2,7 +2,7 @@ contrib/fedora/rpm/
 data/NetworkManager-dispatcher.service.in
 data/NetworkManager-wait-online.service.in
 data/NetworkManager.service.in
-data/nm-sudo.service.in
+data/nm-priv-helper.service.in
 data/org.freedesktop.NetworkManager.policy.in
 examples/python/NetworkManager.py
 examples/python/systray/eggtrayicon.c
diff --git a/src/README.md b/src/README.md
index e923ef7f25..59c062f642 100644
--- a/src/README.md
+++ b/src/README.md
@@ -27,7 +27,7 @@ Read the individual README.md files in the subdirectories for details: | [nm-initrd-generator/](nm-initrd-generator/) | generates NetworkManager configuration by parsing kernel command line options for dracut/initrd | | [nm-dispatcher/](nm-dispatcher/) | NetworkManager-dispatcher service to run user scripts | | [nm-online/](nm-online/) | application which checks whether NetworkManager is done, for implementing NetworkManager-wait-online.service | -| [nm-sudo/](nm-sudo/) | internal service for privileged operations | +| [nm-priv-helper/](nm-priv-helper/) | internal service for privileged operations | | [nm-daemon-helper/](nm-daemon-helper/) | internal helper binary spawned by NetworkManager | | | | | [libnm-std-aux/](libnm-std-aux/) | internal helper library for standard C | diff --git a/src/core/devices/ovs/nm-ovsdb.c b/src/core/devices/ovs/nm-ovsdb.c index 9407b08946..7c45e0e48b 100644 --- a/src/core/devices/ovs/nm-ovsdb.c +++ b/src/core/devices/ovs/nm-ovsdb.c @@ -17,7 +17,7 @@ #include "devices/nm-device.h" #include "nm-manager.h" #include "nm-setting-ovs-external-ids.h" -#include "nm-sudo-call.h" +#include "nm-priv-helper-call.h" /*****************************************************************************/ @@ -2384,7 +2384,7 @@ _ovsdb_connect_complete_with_fd(NMOvsdb *self, int fd_take) } static void -_ovsdb_connect_sudo_cb(int fd_take, GError *error, gpointer user_data) +_ovsdb_connect_priv_helper_cb(int fd_take, GError *error, gpointer user_data) { nm_auto_close int fd = fd_take; NMOvsdb *self; 
@@ -2395,12 +2395,12 @@ _ovsdb_connect_sudo_cb(int fd_take, GError *error, gpointer user_data) self = user_data; if (error) { - _LOGT("connect: failure to get FD from nm-sudo: %s", error->message); + _LOGT("connect: failure to get FD from nm-priv-helper: %s", error->message); ovsdb_disconnect(self, FALSE, FALSE); return; } - _LOGT("connect: connected successfully with FD from nm-sudo"); + _LOGT("connect: connected successfully with FD from nm-priv-helper"); _ovsdb_connect_complete_with_fd(self, nm_steal_fd(&fd)); } @@ -2418,20 +2418,20 @@ _ovsdb_connect_idle(gpointer user_data, GCancellable *cancellable) self = user_data; priv = NM_OVSDB_GET_PRIVATE(self); - fd = nm_sudo_utils_open_fd(NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET, &error); + fd = nm_priv_helper_utils_open_fd(NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET, &error); if (fd == -ENOENT) { _LOGT("connect: opening %s failed (\"%s\")", NM_OVSDB_SOCKET, error->message); ovsdb_disconnect(self, FALSE, FALSE); return; } if (fd < 0) { - _LOGT("connect: opening %s failed (\"%s\"). Retry with nm-sudo", + _LOGT("connect: opening %s failed (\"%s\"). Retry with nm-priv-helper", NM_OVSDB_SOCKET, error->message); - nm_sudo_call_get_fd(NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET, - priv->conn_cancellable, - _ovsdb_connect_sudo_cb, - self); + nm_priv_helper_call_get_fd(NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET, + priv->conn_cancellable, + _ovsdb_connect_priv_helper_cb, + self); return; } diff --git a/src/core/meson.build b/src/core/meson.build index 5bd10dba0b..2148d23b76 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -170,7 +170,7 @@ libNetworkManager = static_library( 'nm-rfkill-manager.c', 'nm-session-monitor.c', 'nm-sleep-monitor.c', - 'nm-sudo-call.c', + 'nm-priv-helper-call.c', ), dependencies: nm_deps, link_with: [ diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c index a30dbe084f..7714e4a2ba 100644 --- a/src/core/nm-manager.c +++ b/src/core/nm-manager.c 
@@ -41,10 +41,10 @@ #include "nm-hostname-manager.h" #include "nm-keep-alive.h" #include "nm-policy.h" +#include "nm-priv-helper-call.h" #include "nm-rfkill-manager.h" #include "nm-session-monitor.h" #include "nm-sleep-monitor.h" -#include "nm-sudo-call.h" #include "settings/nm-settings-connection.h" #include "settings/nm-settings.h" #include "vpn/nm-vpn-manager.h" @@ -216,8 +216,8 @@ typedef struct { #if WITH_OPENVSWITCH /* these fields only serve the purpose to use the symbols.*/ - void (*_use_symbol_nm_sudo_call_get_fd)(void); - void (*_use_symbol_nm_sudo_utils_open_fd)(void); + void (*_use_symbol_nm_priv_helper_call_get_fd)(void); + void (*_use_symbol_nm_priv_helper_utils_open_fd)(void); #endif } NMManagerClass; @@ -8532,8 +8532,10 @@ nm_manager_class_init(NMManagerClass *manager_class) /* Use the symbols. These symbols are in NetworkManager binary but will be * used by the OVS device plugin. If we don't use the symbol here, it will * be wrongly dropped. */ - manager_class->_use_symbol_nm_sudo_call_get_fd = (void (*)(void)) nm_sudo_call_get_fd; - manager_class->_use_symbol_nm_sudo_utils_open_fd = (void (*)(void)) nm_sudo_utils_open_fd; + manager_class->_use_symbol_nm_priv_helper_call_get_fd = + (void (*)(void)) nm_priv_helper_call_get_fd; + manager_class->_use_symbol_nm_priv_helper_utils_open_fd = + (void (*)(void)) nm_priv_helper_utils_open_fd; #endif dbus_object_class->export_path = NM_DBUS_EXPORT_PATH_STATIC(NM_DBUS_PATH); diff --git a/src/core/nm-sudo-call.c b/src/core/nm-priv-helper-call.c similarity index 63% rename from src/core/nm-sudo-call.c rename to src/core/nm-priv-helper-call.c index a08f2aef07..4f07481daa 100644 --- a/src/core/nm-sudo-call.c +++ b/src/core/nm-priv-helper-call.c @@ -2,7 +2,7 @@ #include "src/core/nm-default-daemon.h" -#include "nm-sudo-call.h" +#include "nm-priv-helper-call.h" #include 
@@ -11,14 +11,14 @@ /*****************************************************************************/ static void -_nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data) +_nm_priv_helper_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data) { - NMSudoCallGetFDCallback callback; - gpointer callback_data; - gs_unref_variant GVariant *ret = NULL; - gs_free_error GError *error = NULL; - gs_unref_object GUnixFDList *fd_list = NULL; - gs_free int *fd_arr = NULL; + NMPrivHelperCallGetFDCallback callback; + gpointer callback_data; + gs_unref_variant GVariant *ret = NULL; + gs_free_error GError *error = NULL; + gs_unref_object GUnixFDList *fd_list = NULL; + gs_free int *fd_arr = NULL; nm_utils_user_data_unpack(user_data, &callback, &callback_data); @@ -35,7 +35,7 @@ _nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data) if (!fd_list || g_unix_fd_list_get_length(fd_list) != 1) { nm_utils_error_set(&error, NM_UTILS_ERROR_UNKNOWN, - "Unexpectedly not one FD is returned by nm-sudo GetFD()"); + "Unexpectedly not one FD is returned by nm-priv-helper GetFD()"); callback(-1, error, callback_data); return; } 
@@ -47,46 +47,48 @@ _nm_sudo_call_get_fd_cb(GObject *source, GAsyncResult *res, gpointer user_data) } static gboolean -_nm_sudo_call_get_fd_fail_on_idle(gpointer user_data) +_nm_priv_helper_call_get_fd_fail_on_idle(gpointer user_data) { gs_unref_object GCancellable *cancellable = NULL; - NMSudoCallGetFDCallback callback; + NMPrivHelperCallGetFDCallback callback; gpointer callback_data; gs_free_error GError *error = NULL; nm_utils_user_data_unpack(user_data, &cancellable, &callback, &callback_data); if (!g_cancellable_set_error_if_cancelled(cancellable, &error)) - nm_utils_error_set(&error, NM_UTILS_ERROR_UNKNOWN, "Cannot talk to nm-sudo without D-Bus"); + nm_utils_error_set(&error, + NM_UTILS_ERROR_UNKNOWN, + "Cannot talk to nm-priv-helper without D-Bus"); callback(-1, error, callback_data); return G_SOURCE_REMOVE; } void -nm_sudo_call_get_fd(NMSudoGetFDType fd_type, - GCancellable *cancellable, - NMSudoCallGetFDCallback callback, - gpointer user_data) +nm_priv_helper_call_get_fd(NMPrivHelperGetFDType fd_type, + GCancellable *cancellable, + NMPrivHelperCallGetFDCallback callback, + gpointer user_data) { GDBusConnection *dbus_connection; - nm_assert(NM_IN_SET(fd_type, NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET)); + nm_assert(NM_IN_SET(fd_type, NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET)); nm_assert(!cancellable || G_IS_CANCELLABLE(cancellable)); nm_assert(callback); dbus_connection = NM_MAIN_DBUS_CONNECTION_GET; if (!dbus_connection) { - nm_g_idle_add(_nm_sudo_call_get_fd_fail_on_idle, + nm_g_idle_add(_nm_priv_helper_call_get_fd_fail_on_idle, nm_utils_user_data_pack(g_object_ref(cancellable), callback, user_data)); return; } g_dbus_connection_call_with_unix_fd_list(dbus_connection, - NM_SUDO_DBUS_BUS_NAME, - NM_SUDO_DBUS_OBJECT_PATH, - NM_SUDO_DBUS_IFACE_NAME, + NM_PRIV_HELPER_DBUS_BUS_NAME, + NM_PRIV_HELPER_DBUS_OBJECT_PATH, + NM_PRIV_HELPER_DBUS_IFACE_NAME, "GetFD", g_variant_new("(u)", fd_type), G_VARIANT_TYPE("()"), 
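Review bot: In the no-D-Bus fallback of `nm_priv_helper_call_get_fd()`, `g_object_ref(cancellable)` is reached with a NULL cancellable, which the assertion a few lines above explicitly permits (`!cancellable || G_IS_CANCELLABLE(cancellable)`); `g_object_ref(NULL)` fails its precondition check and logs a GLib critical. Guarding the reference, `nm_utils_user_data_pack(cancellable ? g_object_ref(cancellable) : NULL, callback, user_data)`, avoids that. As far as the hunk shows, `_nm_priv_helper_call_get_fd_fail_on_idle()` appears to cope with a NULL cancellable. The line is unchanged context carried through the rename, and the function's closing lines fall in the next hunk.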
@@ -94,6 +96,6 @@ nm_sudo_call_get_fd(NMSudoGetFDType fd_type, 10000, NULL, cancellable, - _nm_sudo_call_get_fd_cb, + _nm_priv_helper_call_get_fd_cb, nm_utils_user_data_pack(callback, user_data)); } diff --git a/src/core/nm-priv-helper-call.h b/src/core/nm-priv-helper-call.h new file mode 100644 index 0000000000..334daa77f3 --- /dev/null +++ b/src/core/nm-priv-helper-call.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#ifndef __NM_PRIV_HELPER_CALL_H__ +#define __NM_PRIV_HELPER_CALL_H__ + +#include "../libnm-base/nm-priv-helper-utils.h" + +typedef void (*NMPrivHelperCallGetFDCallback)(int fd_take, GError *error, gpointer user_data); + +void nm_priv_helper_call_get_fd(NMPrivHelperGetFDType fd_type, + GCancellable *cancellable, + NMPrivHelperCallGetFDCallback callback, + gpointer user_data); + +#endif /* __NM_PRIV_HELPER_CALL_H__ */ diff --git a/src/core/nm-sudo-call.h b/src/core/nm-sudo-call.h deleted file mode 100644 index feb2c25c24..0000000000 --- a/src/core/nm-sudo-call.h +++ /dev/null @@ -1,15 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#ifndef __NM_SUDO_CALL_H__ -#define __NM_SUDO_CALL_H__ - -#include "libnm-base/nm-sudo-utils.h" - -typedef void (*NMSudoCallGetFDCallback)(int fd_take, GError *error, gpointer user_data); - -void nm_sudo_call_get_fd(NMSudoGetFDType fd_type, - GCancellable *cancellable, - NMSudoCallGetFDCallback callback, - gpointer user_data); - -#endif /* __NM_SUDO_CALL_H__ */ diff --git a/src/libnm-base/meson.build b/src/libnm-base/meson.build index 3cd554d269..1bb61020da 100644 --- a/src/libnm-base/meson.build +++ b/src/libnm-base/meson.build @@ -5,7 +5,7 @@ libnm_base = static_library( sources: files( 'nm-ethtool-base.c', 'nm-net-aux.c', - 'nm-sudo-utils.c', + 'nm-priv-helper-utils.c', ), include_directories: [ src_inc, 
diff --git a/src/libnm-base/nm-sudo-utils.c b/src/libnm-base/nm-priv-helper-utils.c similarity index 88% rename from src/libnm-base/nm-sudo-utils.c rename to src/libnm-base/nm-priv-helper-utils.c index fd9bac94f6..8e6e407574 100644 --- a/src/libnm-base/nm-sudo-utils.c +++ b/src/libnm-base/nm-priv-helper-utils.c @@ -2,7 +2,7 @@ #include "libnm-glib-aux/nm-default-glib-i18n-lib.h" -#include "nm-sudo-utils.h" +#include "nm-priv-helper-utils.h" #include #include @@ -12,14 +12,14 @@ /*****************************************************************************/ int -nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error) +nm_priv_helper_utils_open_fd(NMPrivHelperGetFDType fd_type, GError **error) { nm_auto_close int fd = -1; int r; int errsv; switch (fd_type) { - case NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET: + case NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET: { struct sockaddr_un sock; int sock_len; @@ -48,7 +48,7 @@ nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error) return nm_steal_fd(&fd); } - case NM_SUDO_GET_FD_TYPE_NONE: + case NM_PRIV_HELPER_GET_FD_TYPE_NONE: default: nm_utils_error_set(error, NM_UTILS_ERROR_UNKNOWN, "invalid fd_type"); return -EINVAL; diff --git a/src/libnm-base/nm-priv-helper-utils.h b/src/libnm-base/nm-priv-helper-utils.h new file mode 100644 index 0000000000..22387cff46 --- /dev/null +++ b/src/libnm-base/nm-priv-helper-utils.h 
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#ifndef __NM_PRIV_HELPER_UTILS_H__
+#define __NM_PRIV_HELPER_UTILS_H__
+
+/*****************************************************************************/
+
+#define NM_PRIV_HELPER_DBUS_BUS_NAME "org.freedesktop.nm-priv-helper"
+#define NM_PRIV_HELPER_DBUS_OBJECT_PATH "/org/freedesktop/nm-priv-helper"
+#define NM_PRIV_HELPER_DBUS_IFACE_NAME "org.freedesktop.nm-priv-helper"
+
+/*****************************************************************************/
+
+#define NM_OVSDB_SOCKET RUNSTATEDIR "/openvswitch/db.sock"
+
+typedef enum {
+ NM_PRIV_HELPER_GET_FD_TYPE_NONE = 0,
+ NM_PRIV_HELPER_GET_FD_TYPE_OVSDB_SOCKET = 1,
+} NMPrivHelperGetFDType;
+
+int nm_priv_helper_utils_open_fd(NMPrivHelperGetFDType fd_type, GError **error);
+
+#endif /* __NM_PRIV_HELPER_UTILS_H__ */
diff --git a/src/libnm-base/nm-sudo-utils.h b/src/libnm-base/nm-sudo-utils.h
deleted file mode 100644
index 01597fe467..0000000000
--- a/src/libnm-base/nm-sudo-utils.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-
-#ifndef __NM_SUDO_UTILS_H__
-#define __NM_SUDO_UTILS_H__
-
-/*****************************************************************************/
-
-#define NM_SUDO_DBUS_BUS_NAME "org.freedesktop.nm.sudo"
-#define NM_SUDO_DBUS_OBJECT_PATH "/org/freedesktop/nm/sudo"
-#define NM_SUDO_DBUS_IFACE_NAME "org.freedesktop.nm.sudo"
-
-/*****************************************************************************/
-
-#define NM_OVSDB_SOCKET RUNSTATEDIR "/openvswitch/db.sock"
-
-typedef enum {
- NM_SUDO_GET_FD_TYPE_NONE = 0,
- NM_SUDO_GET_FD_TYPE_OVSDB_SOCKET = 1,
-} NMSudoGetFDType;
-
-int nm_sudo_utils_open_fd(NMSudoGetFDType fd_type, GError **error);
-
-#endif /* __NM_SUDO_UTILS_H__ */
diff --git a/src/meson.build b/src/meson.build
index 4751a29684..ab69691566 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -93,7 +93,7 @@ if enable_nmtui endif subdir('nmcli') subdir('nm-dispatcher') -subdir('nm-sudo') +subdir('nm-priv-helper') subdir('nm-daemon-helper') subdir('nm-online') if enable_nmtui diff --git a/src/nm-priv-helper/README.md b/src/nm-priv-helper/README.md new file mode 100644 index 0000000000..576da7a70b --- /dev/null +++ b/src/nm-priv-helper/README.md @@ -0,0 +1,24 @@ +nm-priv-helper +============== + +This is a D-Bus activatable, exit-on-idle service, which +provides an internal API to NetworkManager daemon. + +This has no purpose for the user, it is an implementation detail +of the daemon. + +The purpose is that `nm-priv-helper` can execute certain +privileged operations which NetworkManager process is not +allowed to. We want to sandbox NetworkManager as much as +possible, and nm-priv-helper provides a controlled way to +perform some very specific operations. + +As such, nm-priv-helper should still be sandboxed too to only +being able to execute the operations that are necessary for +NetworkManager. + +nm-priv-helper will reject all D-Bus requests that are not +originating from the current name owner of +"org.freedesktop.NetworkManager". That is, it is supposed to +only reply to NetworkManager daemon and as such is not useful to +the user directly. diff --git a/src/nm-sudo/meson.build b/src/nm-priv-helper/meson.build similarity index 82% rename from src/nm-sudo/meson.build rename to src/nm-priv-helper/meson.build index 875ce3d515..e9f8a7c3e1 100644 --- a/src/nm-sudo/meson.build +++ b/src/nm-priv-helper/meson.build 
@@ -1,20 +1,20 @@ # SPDX-License-Identifier: LGPL-2.1-or-later configure_file( - input: 'org.freedesktop.nm.sudo.service.in', + input: 'org.freedesktop.nm-priv-helper.service.in', output: '@BASENAME@', install_dir: dbus_system_bus_services_dir, configuration: data_conf, ) install_data( - 'nm-sudo.conf', + 'nm-priv-helper.conf', install_dir: dbus_conf_dir, ) executable( - 'nm-sudo', - 'nm-sudo.c', + 'nm-priv-helper', + 'nm-priv-helper.c', include_directories : [ src_inc, top_inc, diff --git a/src/nm-sudo/nm-sudo.c b/src/nm-priv-helper/nm-priv-helper.c similarity index 91% rename from src/nm-sudo/nm-sudo.c rename to src/nm-priv-helper/nm-priv-helper.c index a97087a0bb..ec064bca2d 100644 --- a/src/nm-sudo/nm-sudo.c +++ b/src/nm-priv-helper/nm-priv-helper.c @@ -5,15 +5,15 @@ #include #include "c-list/src/c-list.h" -#include "libnm-base/nm-sudo-utils.h" +#include "libnm-base/nm-priv-helper-utils.h" #include "libnm-glib-aux/nm-dbus-aux.h" #include "libnm-glib-aux/nm-io-utils.h" #include "libnm-glib-aux/nm-logging-base.h" #include "libnm-glib-aux/nm-shared-utils.h" #include "libnm-glib-aux/nm-time-utils.h" -/* nm-sudo doesn't link with libnm-core nor libnm-base, but these headers - * can be used independently. */ +/* nm-priv-helper doesn't link with libnm-core nor libnm-base, but these + * headers can be used independently. */ #include "libnm-core-public/nm-dbus-interface.h" /*****************************************************************************/ @@ -57,7 +57,7 @@ struct _GlobalData { bool name_owner_initialized; - /* This is controlled by $NM_SUDO_NO_AUTH_FOR_TESTING. It disables authentication + /* This is controlled by $NM_PRIV_HELPER_NO_AUTH_FOR_TESTING. It disables authentication * of the request, so it is ONLY for testing. */ bool no_auth_for_testing; 
@@ -116,10 +116,10 @@ _handle_get_fd(GlobalData *gl, GDBusMethodInvocation *invocation, guint32 fd_typ gs_unref_object GUnixFDList *fd_list = NULL; gs_free_error GError *error = NULL; - if (fd_type != (NMSudoGetFDType) fd_type) - fd_type = NM_SUDO_GET_FD_TYPE_NONE; + if (fd_type != (NMPrivHelperGetFDType) fd_type) + fd_type = NM_PRIV_HELPER_GET_FD_TYPE_NONE; - fd = nm_sudo_utils_open_fd(fd_type, &error); + fd = nm_priv_helper_utils_open_fd(fd_type, &error); if (fd < 0) { g_dbus_method_invocation_take_error(invocation, g_steal_pointer(&error)); return; @@ -275,8 +275,8 @@ _bus_method_call(GDBusConnection *connection, const char *arg_s; guint32 arg_u; - nm_assert(nm_streq(object_path, NM_SUDO_DBUS_OBJECT_PATH)); - nm_assert(nm_streq(interface_name, NM_SUDO_DBUS_IFACE_NAME)); + nm_assert(nm_streq(object_path, NM_PRIV_HELPER_DBUS_OBJECT_PATH)); + nm_assert(nm_streq(interface_name, NM_PRIV_HELPER_DBUS_IFACE_NAME)); if (!gl->no_auth_for_testing && !nm_streq0(sender, gl->name_owner)) { _LOGT("dbus: request sender=%s, %s%s, ACCESS DENIED", @@ -312,7 +312,7 @@ _bus_method_call(GDBusConnection *connection, method_name, g_variant_get_type_string(parameters)); - if (!nm_streq(interface_name, NM_SUDO_DBUS_IFACE_NAME)) + if (!nm_streq(interface_name, NM_PRIV_HELPER_DBUS_IFACE_NAME)) goto out_unknown_method; if (nm_streq(method_name, "GetFD")) { @@ -335,7 +335,7 @@ out_unknown_method: } static GDBusInterfaceInfo *const interface_info = NM_DEFINE_GDBUS_INTERFACE_INFO( - NM_SUDO_DBUS_IFACE_NAME, + NM_PRIV_HELPER_DBUS_IFACE_NAME, .methods = NM_DEFINE_GDBUS_METHOD_INFOS( NM_DEFINE_GDBUS_METHOD_INFO( "Ping", 
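Review bot: The caller check in `_bus_method_call()` (hunk at -275) compares with `nm_streq0()`, which treats two NULL strings as equal, so a request carrying no sender would pass while `gl->name_owner` is still unset. On a message-bus connection the sender should always be present, so this is probably unreachable in the deployed configuration. Because this comparison is the helper's only authentication of the request, the denial is worth making explicit: `if (!gl->no_auth_for_testing && (!gl->name_owner || !nm_streq0(sender, gl->name_owner)))`. The function starts and ends outside the hunk, so an earlier guard may already cover the unset-owner case.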
@@ -360,25 +360,27 @@ _bus_register_service(GlobalData *gl) gl->service_regist_id = g_dbus_connection_register_object(gl->dbus_connection, - NM_SUDO_DBUS_OBJECT_PATH, + NM_PRIV_HELPER_DBUS_OBJECT_PATH, interface_info, NM_UNCONST_PTR(GDBusInterfaceVTable, &interface_vtable), gl, NULL, &error); if (gl->service_regist_id == 0) { - _LOGE("dbus: error registering object %s: %s", NM_SUDO_DBUS_OBJECT_PATH, error->message); + _LOGE("dbus: error registering object %s: %s", + NM_PRIV_HELPER_DBUS_OBJECT_PATH, + error->message); return FALSE; } - _LOGD("dbus: object %s registered", NM_SUDO_DBUS_OBJECT_PATH); + _LOGD("dbus: object %s registered", NM_PRIV_HELPER_DBUS_OBJECT_PATH); /* regardless whether the request is successful, after we start calling * RequestName, we remember that we need to ReleaseName it. */ gl->name_requested = TRUE; nm_dbus_connection_call_request_name(gl->dbus_connection, - NM_SUDO_DBUS_BUS_NAME, + NM_PRIV_HELPER_DBUS_BUS_NAME, DBUS_NAME_FLAG_ALLOW_REPLACEMENT | DBUS_NAME_FLAG_REPLACE_EXISTING, 10000, @@ -396,7 +398,7 @@ _bus_register_service(GlobalData *gl) return FALSE; if (error) { - _LOGE("d-bus: failed to request name %s: %s", NM_SUDO_DBUS_BUS_NAME, error->message); + _LOGE("d-bus: failed to request name %s: %s", NM_PRIV_HELPER_DBUS_BUS_NAME, error->message); return FALSE; } @@ -404,12 +406,12 @@ _bus_register_service(GlobalData *gl) if (ret_val != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { _LOGW("dbus: request name for %s failed to take name (response %u)", - NM_SUDO_DBUS_BUS_NAME, + NM_PRIV_HELPER_DBUS_BUS_NAME, ret_val); return FALSE; } - _LOGD("dbus: request name for %s succeeded", NM_SUDO_DBUS_BUS_NAME); + _LOGD("dbus: request name for %s succeeded", NM_PRIV_HELPER_DBUS_BUS_NAME); return TRUE; } 
@@ -538,7 +540,7 @@ _bus_release_name(GlobalData *gl) DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS, "ReleaseName", - g_variant_new("(s)", NM_SUDO_DBUS_BUS_NAME), + g_variant_new("(s)", NM_PRIV_HELPER_DBUS_BUS_NAME), G_VARIANT_TYPE("(u)"), G_DBUS_CALL_FLAGS_NONE, 10000, @@ -554,12 +556,17 @@ static void _initial_setup(GlobalData *gl) { gl->no_auth_for_testing = - _nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_SUDO_NO_AUTH_FOR_TESTING")), 0, 0, 1, 0); - gl->timeout_msec = _nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_SUDO_IDLE_TIMEOUT_MSEC")), - 0, - 0, - G_MAXINT32, - IDLE_TIMEOUT_MSEC); + _nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_PRIV_HELPER_NO_AUTH_FOR_TESTING")), + 0, + 0, + 1, + 0); + gl->timeout_msec = + _nm_utils_ascii_str_to_int64(g_getenv(_ENV("NM_PRIV_HELPER_IDLE_TIMEOUT_MSEC")), + 0, + 0, + G_MAXINT32, + IDLE_TIMEOUT_MSEC); gl->quit_cancellable = g_cancellable_new(); @@ -580,17 +587,17 @@ main(int argc, char **argv) int exit_code; int r = 0; - _nm_logging_enabled_init(g_getenv(_ENV("NM_SUDO_LOG"))); + _nm_logging_enabled_init(g_getenv(_ENV("NM_PRIV_HELPER_LOG"))); gl->start_timestamp_msec = nm_utils_clock_gettime_msec(CLOCK_BOOTTIME); - _LOGD("starting nm-sudo (%s)", NM_DIST_VERSION); + _LOGD("starting nm-priv-helper (%s)", NM_DIST_VERSION); _initial_setup(gl); if (gl->no_auth_for_testing) { _LOGW("WARNING: running in debug mode without authentication " - "(NM_SUDO_NO_AUTH_FOR_TESTING). "); + "(NM_PRIV_HELPER_NO_AUTH_FOR_TESTING). "); } if (gl->timeout_msec != IDLE_TIMEOUT_INFINITY) diff --git a/src/nm-sudo/nm-sudo.conf b/src/nm-priv-helper/nm-priv-helper.conf similarity index 51% rename from src/nm-sudo/nm-sudo.conf rename to src/nm-priv-helper/nm-priv-helper.conf index 922c62314a..c56b20077e 100644 --- a/src/nm-sudo/nm-sudo.conf +++ b/src/nm-priv-helper/nm-priv-helper.conf @@ -3,11 +3,11 @@ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - - + + - - + + 
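Review bot: `_initial_setup` still lets the environment variable `NM_PRIV_HELPER_NO_AUTH_FOR_TESTING` turn off the sender check that `_bus_method_call` makes against `gl->name_owner`, in a helper that the service file activates with `User=root`. The activation environment is normally set by the bus daemon or systemd rather than by callers, so this is a hardening point, not a demonstrated hole. A release binary would still be safer if the lookup were compiled in only for test builds. The warning in `main` goes through `_LOGW`, and whether it is emitted appears to depend on `NM_PRIV_HELPER_LOG`, so it may be worth making that one message unconditional. The comment on `no_auth_for_testing` could also say who is expected to control that environment.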
diff --git a/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in b/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in
new file mode 100644
index 0000000000..0ca3066922
--- /dev/null
+++ b/src/nm-priv-helper/org.freedesktop.nm-priv-helper.service.in
@@ -0,0 +1,5 @@
+[D-BUS Service]
+Name=org.freedesktop.nm-priv-helper
+Exec=@libexecdir@/nm-priv-helper
+User=root
+SystemdService=dbus-org.freedesktop.nm-priv-helper.service
diff --git a/src/nm-sudo/README.md b/src/nm-sudo/README.md
deleted file mode 100644
index 13fd488185..0000000000
--- a/src/nm-sudo/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-nm-sudo
-=======
-
-This is a D-Bus activatable, exit-on-idle service, which
-provides an internal API to NetworkManager daemon.
-
-This has no purpose for the user, it is an implementation detail
-of the daemon.
-
-The purpose is that `nm-sudo` can execute certain operations,
-which NetworkManager process is not allowed to. We want to
-sandbox NetworkManager as much as possible, and nm-sudo provides
-a controlled way to perform some very specific operations.
-
-As such, nm-sudo should still be sandboxed too to only being
-able to execute the operations that are necessary for NetworkManager.
-
-nm-sudo will reject all D-Bus requests that are not originating
-from the current name owner of "org.freedesktop.NetworkManager".
-That is, it is supposed to only reply to NetworkManager daemon
-and as such is not useful to the user directly.
diff --git a/src/nm-sudo/org.freedesktop.nm.sudo.service.in b/src/nm-sudo/org.freedesktop.nm.sudo.service.in
deleted file mode 100644
index 43d29de14d..0000000000
--- a/src/nm-sudo/org.freedesktop.nm.sudo.service.in
+++ /dev/null
@@ -1,5 +0,0 @@
-[D-BUS Service]
-Name=org.freedesktop.nm.sudo
-Exec=@libexecdir@/nm-sudo
-User=root
-SystemdService=dbus-org.freedesktop.nm.sudo.service
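Review bot: The new `Name=org.freedesktop.nm-priv-helper` in org.freedesktop.nm-priv-helper.service.in puts a hyphen into the well-known bus name. The D-Bus specification permits that but discourages it for new names, and hyphens are not valid at all in interface names or object paths. The values of `NM_PRIV_HELPER_DBUS_IFACE_NAME` and `NM_PRIV_HELPER_DBUS_OBJECT_PATH` are not visible in this diff, so it is worth checking that they do not reuse the hyphenated string. Using `org.freedesktop.nm_priv_helper` throughout would avoid the mismatch. `SystemdService=dbus-org.freedesktop.nm-priv-helper.service` also needs a matching `Alias=` in the installed systemd unit, which is not shown here.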