mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-21 10:14:41 +00:00
f137b32d31
NetworkManager runs as root and has lots of capabilities. We want to reduce the attach surface by dropping capabilities, but there is a genuine need to do certain things. For example, we currently require dac_override capability, to open the unix socket of ovsdb. Most users wouldn't use OVS, so we should find a way to not require that dac_override capability. The solution is to have a separate, D-Bus activate service (nm-sudo), which has the capability to open and provide the file descriptor. For authentication, we only rely on D-Bus. We watch the name owner of NetworkManager, and only accept requests from that service. We trust D-Bus to get it right a request from that name owner is really coming from NetworkManager. If we couldn't trust that, how could PolicyKit or any authentication via D-Bus work? For testing, the user can set NM_SUDO_NO_AUTH_FOR_TESTING=1. https://bugzilla.redhat.com/show_bug.cgi?id=1921826 |
||
|---|---|---|
| .. | ||
| 84-nm-drivers.rules | ||
| 85-nm-unmanaged.rules | ||
| 90-nm-thunderbolt.rules | ||
| meson.build | ||
| NetworkManager-dispatcher.service.in | ||
| NetworkManager-ovs.conf | ||
| NetworkManager-wait-online-systemd-pre200.service.in | ||
| NetworkManager-wait-online.service.in | ||
| NetworkManager.service.in | ||
| nm-shared.xml | ||
| nm-sudo.service.in | ||
| org.freedesktop.NetworkManager.policy.in.in | ||
| server.conf.in | ||