X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon Resent-From: Rodion Goritskov <rodion@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Thu, 24 Apr 2025 19:05:02 +0000 Resent-Message-ID: <handler.78047.B.17455214527126 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: report 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 78047 <at> debbugs.gnu.org X-Debbugs-Original-To: bug-guix@HIDDEN Received: via spool by submit <at> debbugs.gnu.org id=B.17455214527126 (code B ref -1); Thu, 24 Apr 2025 19:05:02 +0000 Received: (at submit) by debbugs.gnu.org; 24 Apr 2025 19:04:12 +0000 Received: from localhost ([127.0.0.1]:41258 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1u81ro-0001qs-Cl for submit <at> debbugs.gnu.org; Thu, 24 Apr 2025 15:04:12 -0400 Received: from lists.gnu.org ([2001:470:142::17]:54280) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <rodion@HIDDEN>) id 1u81rk-0001pv-JO for submit <at> debbugs.gnu.org; Thu, 24 Apr 2025 15:04:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <rodion@HIDDEN>) id 1u81rG-0006GZ-2R for bug-guix@HIDDEN; Thu, 24 Apr 2025 15:03:41 -0400 Received: from mail.goritskov.com ([65.108.121.176]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <rodion@HIDDEN>) id 1u81rD-0003MV-Mn for bug-guix@HIDDEN; Thu, 24 Apr 2025 15:03:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=goritskov.com; s=04012025; t=1745521407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=g9uOij5ztnuT++Hb8NqI7RTtfwqqfByc2kcxlQO5mRw=; b=WQO+FrL9OI+5NsfhmFATL47YoR7lSMW87glH6P86g0tnqNm0q5rsNy4Ot3rUQ/F+rw9hN5 gkjHsCA5YmwCRsKzUiMpSpZr6fFW01wCtXlBTfCfkui4T6g15cdbek+TaX8BKHKKnCxQLr AoYRBKxGWFZMz9T2GT0TZDRqLS4FY1o= Received: from bumblebee-old (port-92-196-247-179.dynamic.as20676.net [92.196.247.179]) by mail.goritskov.com (OpenSMTPD) with ESMTPSA id 34e03c1c (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <bug-guix@HIDDEN>; Thu, 24 Apr 2025 19:03:27 +0000 (UTC) From: Rodion Goritskov <rodion@HIDDEN> Date: Thu, 24 Apr 2025 21:03:22 +0200 Message-ID: <871pth756t.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=65.108.121.176; envelope-from=rodion@HIDDEN; helo=mail.goritskov.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.1 (/) Hi! I tried to opt-in into using guix daemon in unprivileged mode using: > (modify-services %base-services > (guix-service-type config => > (guix-configuration (inherit config) > (privileged? #f)))) After reconfiguration (and finish of the task changing owner of store to guix-daemon), I rebooted system to found out that WiFi not working anymore. I use NetworkManager for the network configuration, with pretty much the default configuration: > (service wpa-supplicant-service-type) > (service network-manager-service-type > (network-manager-configuration (vpn-plugins (list > network-manager-openvpn)))) In logs I can see the following errors: > 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> [1745483655.8534] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-ovs.so: file has invalid owner (should be root) > 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> [1745483655.8535] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-bluetooth.so: file has invalid owner (should be root) > 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> [1745483655.8536] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-adsl.so: file has invalid owner (should be root) > 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> [1745483655.8536] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wifi.so: file has invalid owner (should be root) > 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> > [1745483655.8537] plugin: skip invalid file > /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wwan.so: > file has invalid owner (should be root) Looks like NetworkManager doesn't like a non-root owner of plugins. After reconfiguration back to the priveleged guix-service-type, NetworkManager is back to normal: > 2025-04-24 11:40:49 localhost NetworkManager[833]: <info> [1745487649.2569] Loaded device plugin: NMOvsFactory (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-ovs.so) > 2025-04-24 11:40:49 localhost NetworkManager[833]: <info> [1745487649.3357] Loaded device plugin: NMBluezManager (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-bluetooth.so) > 2025-04-24 11:40:49 localhost NetworkManager[833]: <info> [1745487649.3373] Loaded device plugin: NMAtmManager (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-adsl.so) > 2025-04-24 11:40:49 localhost NetworkManager[833]: <info> [1745487649.3414] Loaded device plugin: NMWifiFactory (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wifi.so) > 2025-04-24 11:40:49 localhost NetworkManager[833]: <info> > [1745487649.3427] Loaded device plugin: NMWwanFactory > (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wwan.so)
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Rodion Goritskov <rodion@HIDDEN> Subject: bug#78047: Acknowledgement (WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon) Message-ID: <handler.78047.B.17455214527126.ack <at> debbugs.gnu.org> References: <871pth756t.fsf@HIDDEN> X-Gnu-PR-Message: ack 78047 X-Gnu-PR-Package: guix Reply-To: 78047 <at> debbugs.gnu.org Date: Thu, 24 Apr 2025 19:05:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 78047 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 78047: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D78047 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Mon, 05 May 2025 15:36:04 +0000 Resent-Message-ID: <handler.78047.B78047.174645932822608 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Rodion Goritskov <rodion@HIDDEN> Cc: 78047 <at> debbugs.gnu.org Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174645932822608 (code B ref 78047); Mon, 05 May 2025 15:36:04 +0000 Received: (at 78047) by debbugs.gnu.org; 5 May 2025 15:35:28 +0000 Received: from localhost ([127.0.0.1]:41793 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uBxqp-0005sY-Ro for submit <at> debbugs.gnu.org; Mon, 05 May 2025 11:35:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34308) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uBxqc-0005pD-F6 for 78047 <at> debbugs.gnu.org; Mon, 05 May 2025 11:35:15 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1uBxqW-00024B-Tv; Mon, 05 May 2025 11:35:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=cge4KTXknyFJxOxudE2eDPdiMrhOtqSVAeLVrJpi0KE=; b=VTFJppjts490ptVXhe88 akxivaclAxnx7rEPdeFn+JYsPksCZ2hc3iaQaV3tgFnYy0twOeE5ehILneeE2d+3cJV31rDBJFJAO mXipAZACQ4Jb4TZIeQMc+BBfmqmnTptjs1H1kexZbpLcMnLp+ueVOPqAOlpC4dYML+yNK34MWbOoy acPFVniKuoCONBerJm8LTZER0WiW5ie0Zb42zkvMoyWVjak/rhcJez2ufk5scNBl0XPjunIhlaTOQ Gxplf4OtDT3ZcmOCnIcJA0p+7c5OHUt91L3uMdFw2jaNRrumJ5j85XbP/LsSw5jvcAU/iXzX1OzNC pOK+W0pQu3k36Q==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> In-Reply-To: <871pth756t.fsf@HIDDEN> (Rodion Goritskov's message of "Thu, 24 Apr 2025 21:03:22 +0200") References: <871pth756t.fsf@HIDDEN> Date: Mon, 05 May 2025 15:02:35 +0200 Message-ID: <87y0vb43dg.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi, Rodion Goritskov <rodion@HIDDEN> writes: > In logs I can see the following errors: > >> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >> [1745483655.8534] plugin: skip invalid file >> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N= etworkManager/1.52.0/libnm-device-plugin-ovs.so: >> file has invalid owner (should be root) >> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >> [1745483655.8535] plugin: skip invalid file >> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N= etworkManager/1.52.0/libnm-device-plugin-bluetooth.so: >> file has invalid owner (should be root) >> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >> [1745483655.8536] plugin: skip invalid file >> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N= etworkManager/1.52.0/libnm-device-plugin-adsl.so: >> file has invalid owner (should be root) >> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >> [1745483655.8536] plugin: skip invalid file >> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N= etworkManager/1.52.0/libnm-device-plugin-wifi.so: >> file has invalid owner (should be root) >> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >> [1745483655.8537] plugin: skip invalid file >> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N= etworkManager/1.52.0/libnm-device-plugin-wwan.so: >> file has invalid owner (should be root) > > Looks like NetworkManager doesn't like a non-root owner of plugins. I think we=E2=80=99ll have to add an activation snippet in the =E2=80=98net= work-manager=E2=80=99 service that copies those files elsewhere with appropriate ownership. Or we could patch NetworkManager. (Maybe wiser.) Thanks, Ludo=E2=80=99.
Received: (at control) by debbugs.gnu.org; 9 May 2025 13:03:38 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 09 09:03:38 2025 Received: from localhost ([127.0.0.1]:36650 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uDNO6-0007KW-Bb for submit <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57568) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uDNO2-0007K0-88 for control <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:35 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1uDNNw-0005hv-MI for control <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to: references; bh=yDV0rsM4jdWtC9RnzRCtwJM+BlM5YrWIhFgtajGH4yk=; b=sRwOUZkNsVOlZP bTN8WWmP3ijl2m99OaEikw7COpzCmbj2mXXYVskO6tHfOyNSE87cQ6U3Q4de0cYe6LZ0jNdnIDVf2 93armAjbo2t0klKQojgNl2Fw/BKOGvaOAzNocfpuWs77qRIUFr0zmaeP+S5ijcdIEkQsHGAXkDpq+ 3G+8v9JMvFptPMXh1EYIyt83lE93cvvZjxU2vh+txJ3GqCEZLsDkFqRmKhUQR+azVQindzLcYRPIg rsrKl52ewfXeSqp0Tj0X0EY1H9azYl/q8XIGrHATZz/lL2CHEdXbQ3qlooiFxm7Cq8r4wOSd5luN3 aatIbQCUGYHfAOYZLDiw==; Date: Fri, 09 May 2025 15:02:04 +0200 Message-Id: <874ixukkdv.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> Subject: control message for bug #78047 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) severity 78047 important quit
X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon References: <871pth756t.fsf@HIDDEN> In-Reply-To: <871pth756t.fsf@HIDDEN> Resent-From: Gabriel Santos <gabrielsantosdesouza@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Fri, 09 May 2025 23:05:02 +0000 Resent-Message-ID: <handler.78047.B78047.17468318998750 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 78047 <at> debbugs.gnu.org Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.17468318998750 (code B ref 78047); Fri, 09 May 2025 23:05:02 +0000 Received: (at 78047) by debbugs.gnu.org; 9 May 2025 23:04:59 +0000 Received: from localhost ([127.0.0.1]:41195 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uDWm3-0002H0-7I for submit <at> debbugs.gnu.org; Fri, 09 May 2025 19:04:59 -0400 Received: from layka.disroot.org ([178.21.23.139]:34802) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <gabrielsantosdesouza@HIDDEN>) id 1uDWlz-0002Gh-IE for 78047 <at> debbugs.gnu.org; Fri, 09 May 2025 19:04:56 -0400 Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 9A9602618A for <78047 <at> debbugs.gnu.org>; Sat, 10 May 2025 01:04:53 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id Vix_XxsMAIBq for <78047 <at> debbugs.gnu.org>; Sat, 10 May 2025 01:04:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1746831893; bh=bFudXqHAM0U6MrNE0it+Yd/pZUEmjCJogDHo9qRe5Hg=; h=Date:From:To:Subject; b=jIELCQ+xT0ltq9vB6Cb7Bs1Zlzxx1zuypnj7UKQwMVrYdbJDGBowuibsPEly6Z60B lPdjAnVSMf++JgS1kJ+17dO3R8Uw4EOqm/Eu8Yen0XwLPWagllEO30wvjdaLw6pAx5 sBzESIai6ch1TIvv4pRaEeJU17vVEMOrCXTTOuKoOm7b1ACLUlMVyZrdCi//Ru32/O 823RLsIjmf7eYDhMhRfe3gycmllpBKRbkAB8UaNj1YlwY6klXGyYPaLClSLyeWaclX WNRxfkeZ1mAqRPuwyH5v4hw+YRAvLUsvN7djk3pD23yGl87q18NU8w3VepgYAw5GUp lnPeNkRVWH1AA== Date: Fri, 09 May 2025 20:04:45 -0300 From: Gabriel Santos <gabrielsantosdesouza@HIDDEN> User-Agent: Thunderbird for Android Message-ID: <779FC18B-5BCE-43B7-BD5C-AAE09FC62DA6@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Thanks for reporting this, I also was impacted by the same issue=2E I'll just do a privileged reinstall=2E --=20 Gabriel Santos
X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Mon, 19 May 2025 14:36:01 +0000 Resent-Message-ID: <handler.78047.B78047.174766530418387 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Rodion Goritskov <rodion@HIDDEN> Cc: guix-devel@HIDDEN, 78047 <at> debbugs.gnu.org Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174766530418387 (code B ref 78047); Mon, 19 May 2025 14:36:01 +0000 Received: (at 78047) by debbugs.gnu.org; 19 May 2025 14:35:04 +0000 Received: from localhost ([127.0.0.1]:41817 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uH1a3-0004mT-GJ for submit <at> debbugs.gnu.org; Mon, 19 May 2025 10:35:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58752) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uH1Zz-0004lC-HJ for 78047 <at> debbugs.gnu.org; Mon, 19 May 2025 10:35:00 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1uH1Zs-0007BS-0b; Mon, 19 May 2025 10:34:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=7IgaFPLi7SQZ8EwCNacaCGY4NrCXSxqtYF4xZNGNzzY=; b=AApCmv7+I6O1AsB40vTy nUtvIX2B+cHbfqiataS7qDGV8gEFu1sWosLCtLXWw5t38wiprkwT+PNsWetiAAvn03/tOwmqGWALK lYj24/883jgSgjfo7P14wM8CzfdOaJKuzUBbpR8APUANIKsOyaVy/2JIosVocV2HpcuuNuKAcPMQa wuSbAxQonpUYsLdxvQ0mNgeMtDN92EL+F0T1toUqJMFSD0SiKAbhGG18Nt9PZX+Le6pCKjJJdn+UP /kq1+M9xfWIboD3qJ0yfTaEH2j3kcIlJORukT4JaZjKQ1nLVwnCfc9VLNlp7np5/arKpcALorA77u qFepTOMIxbbP+A==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> In-Reply-To: <87y0vb43dg.fsf@HIDDEN> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Mon, 05 May 2025 15:02:35 +0200") References: <871pth756t.fsf@HIDDEN> <87y0vb43dg.fsf@HIDDEN> Date: Mon, 19 May 2025 16:33:22 +0200 Message-ID: <87iklw4qml.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, Ludovic Court=C3=A8s <ludo@HIDDEN> writes: >>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn> >>> [1745483655.8537] plugin: skip invalid file >>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/= NetworkManager/1.52.0/libnm-device-plugin-wwan.so: >>> file has invalid owner (should be root) >> >> Looks like NetworkManager doesn't like a non-root owner of plugins. > > I think we=E2=80=99ll have to add an activation snippet in the =E2=80=98n= etwork-manager=E2=80=99 > service that copies those files elsewhere with appropriate ownership. > > Or we could patch NetworkManager. (Maybe wiser.) Looking into it, I think this root-ownership check buys us very little: it worked =E2=80=9Cby chance=E2=80=9D, but since anyone can indirectly writ= e into the store (with root ownership), it=E2=80=99s pointless. What matters is that network-manager is configured by root on Guix System, and that it is passed its configuration in the store (unambiguous). So I=E2=80=99m tempted to just remove the check, but I=E2=80=99d rather hav= e more eyeballs on this: --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c index 895a991..738f8c7 100644 --- a/src/core/nm-core-utils.c +++ b/src/core/nm-core-utils.c @@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error) return FALSE; } - if (st->st_uid != 0) { - g_set_error_literal(error, - NM_UTILS_ERROR, - NM_UTILS_ERROR_UNKNOWN, - "file has invalid owner (should be root)"); - return FALSE; - } - if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) { g_set_error_literal(error, NM_UTILS_ERROR, --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 DQpMdWRv4oCZLg0K --=-=-=--
X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Thu, 05 Jun 2025 22:06:02 +0000 Resent-Message-ID: <handler.78047.B78047.174916111117452 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: guix-devel@HIDDEN, 78047 <at> debbugs.gnu.org Cc: Rodion Goritskov <rodion@HIDDEN> Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174916111117452 (code B ref 78047); Thu, 05 Jun 2025 22:06:02 +0000 Received: (at 78047) by debbugs.gnu.org; 5 Jun 2025 22:05:11 +0000 Received: from localhost ([127.0.0.1]:38663 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uNIhy-0004XO-FX for submit <at> debbugs.gnu.org; Thu, 05 Jun 2025 18:05:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58848) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uNIhv-0004X9-UH for 78047 <at> debbugs.gnu.org; Thu, 05 Jun 2025 18:05:08 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1uNIhq-0007iO-K1; Thu, 05 Jun 2025 18:05:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=Hrg4qGNnUgZR077gwkh2umG9Xsc8zcsxe16hcG7UPAw=; b=cTdT4eN+P7V3xLj06y6M mANbGTXNjlF6xnjLCEJcRsk8r21HfC+jfJGxDstoWTBBbA3bGu764bKUCZcjyMXmoHE4uE+7gIHQh mClJUVikZKj+uKl1A4X6fZjqhUSeTFgXDiOyctvIdRdvZ0tJl5yxW7koG+nRiPNYk4IEvUWgwpgpC 4aKcScI2LLigVx8dzTxHVFPjTzgOUK3s0sm0VQNd76z2g7KRpqy5dtlhS+CRbfRKGGU6qScarwC2Q f4HHcFpl0TaxnKmgKclZ/9lIB/yTQNoQaPMpXKCQJLlCwcKYpQ0bpqAxHt9DNIJhW2lucCd7mwvX8 +GA8G4QZ9Xe8dA==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> In-Reply-To: <87iklw4qml.fsf@HIDDEN> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Mon, 19 May 2025 16:33:22 +0200") References: <871pth756t.fsf@HIDDEN> <87y0vb43dg.fsf@HIDDEN> <87iklw4qml.fsf@HIDDEN> Date: Thu, 05 Jun 2025 22:47:17 +0200 Message-ID: <87zfelex0q.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello, Ludovic Court=C3=A8s <ludo@HIDDEN> writes: > So I=E2=80=99m tempted to just remove the check, but I=E2=80=99d rather h= ave more > eyeballs on this: > > diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c > index 895a991..738f8c7 100644 > --- a/src/core/nm-core-utils.c > +++ b/src/core/nm-core-utils.c > @@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct = stat *st, GError **error) > return FALSE; > } >=20=20 > - if (st->st_uid !=3D 0) { > - g_set_error_literal(error, > - NM_UTILS_ERROR, > - NM_UTILS_ERROR_UNKNOWN, > - "file has invalid owner (should be root)"); > - return FALSE; > - } Any objections to this? See <https://issues.guix.gnu.org/78047> for context. Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon References: <871pth756t.fsf@HIDDEN> In-Reply-To: <871pth756t.fsf@HIDDEN> Resent-From: Danny Milosavljevic <dannym@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: bug-guix@HIDDEN Resent-Date: Fri, 06 Jun 2025 08:01:02 +0000 Resent-Message-ID: <handler.78047.B78047.174919684028577 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 78047 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Cc: guix-devel@HIDDEN, 78047 <at> debbugs.gnu.org, Rodion Goritskov <rodion@HIDDEN> Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174919684028577 (code B ref 78047); Fri, 06 Jun 2025 08:01:02 +0000 Received: (at 78047) by debbugs.gnu.org; 6 Jun 2025 08:00:40 +0000 Received: from localhost ([127.0.0.1]:41513 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1uNS04-0007QJ-0f for submit <at> debbugs.gnu.org; Fri, 06 Jun 2025 04:00:39 -0400 Received: from dragonfly.birch.relay.mailchannels.net ([23.83.209.51]:31909) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <dannym@HIDDEN>) id 1uNRzx-0007Pg-8L for 78047 <at> debbugs.gnu.org; Fri, 06 Jun 2025 04:00:24 -0400 X-Sender-Id: dreamhost|x-authsender|dannym@HIDDEN Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id ED0078A5652; Fri, 6 Jun 2025 08:00:17 +0000 (UTC) Received: from pdx1-sub0-mail-a273.dreamhost.com (trex-green-4.trex.outbound.svc.cluster.local [100.124.120.130]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id BB8118A5CEF; Fri, 6 Jun 2025 08:00:12 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1749196812; a=rsa-sha256; cv=none; b=I87Nf5v4SL7N3oX0QFwTSvVQBZhLLXg1/3aRvp55p+lm5LxJdAC5AFgnViVYpZga9c//Vm gA23Z2WjUIzkkkETEUcDbaki2J8XwQp9p3Tr8SuSjfn/LU07NR1asA7TrY4fzwotGpaYnR gScaPrEffdNdVXVr24r04YT1mOXM/thjkY85a9N9Dh0wMq6at0h79oGsWk0U9j89aGeFGq WL/sNcBwDtXQdQidwc1JSYmHEB7XFSKEplNIg1AThgJuTcfU8VsjnX/dJc7XiAzYXVQYXP RABsbG9rYXs+eqKpbEdQ1VP/Lw6qAX1hDzprqdEVch16AdZwmnsda+ubZbF5dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1749196812; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: dkim-signature; bh=VTszRBRNV5Rn8e9sx0454B4iLyKoJmyV5eTWu1hWc7I=; b=036XpyyYjosEiT1R/G4IOEcSiv5dmFz0CL8BBDTYAlFw2FveUhuoLESvcKyFxTX3p7Ee37 Z7tNF+/ahRtTMGrk6u2ToJV8zTOHAhqsLRGcp7mdz1vv91PNmOpntmfZy9hfxyKJuDrUu8 NPrwfY7kos6TmfZPOQlcXX3iqY+fDdqv4eItsrEaMDFHkc1Ey9HD4XSaBqX5VlNMjiVviE doYjjlbitTPIiy7I0o7d9XI3O0rmNBQY8jXLPwA/kJh4nsVu5rOVPXahpYDuJp3iAH+Ono eeS+WxFJRUGt8kfgAU/KgontQ+Dnp+FfSSQhrFwOFjsQurJI5W4nXZidCSddHA== ARC-Authentication-Results: i=1; rspamd-95f6fbf49-5sbgd; auth=pass smtp.auth=dreamhost smtp.mailfrom=dannym@HIDDEN X-Sender-Id: dreamhost|x-authsender|dannym@HIDDEN X-MC-Relay: Neutral X-MC-Copy: stored-urls X-MailChannels-SenderId: dreamhost|x-authsender|dannym@HIDDEN X-MailChannels-Auth-Id: dreamhost X-Daffy-Inform: 425d6f0c7ae57cfd_1749196814295_2268766752 X-MC-Loop-Signature: 1749196814295:1999859429 X-MC-Ingress-Time: 1749196814295 Received: from pdx1-sub0-mail-a273.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.124.120.130 (trex/7.0.3); Fri, 06 Jun 2025 08:00:14 +0000 Received: from nova (84-115-226-251.cable.dynamic.surfer.at [84.115.226.251]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: dannym@HIDDEN) by pdx1-sub0-mail-a273.dreamhost.com (Postfix) with ESMTPSA id 4bDDJC3LchzBX; Fri, 6 Jun 2025 01:00:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=friendly-machines.com; s=dreamhost; t=1749196812; bh=VTszRBRNV5Rn8e9sx0454B4iLyKoJmyV5eTWu1hWc7I=; h=From:To:Cc:Subject:Date:Content-Type; b=roK4iGBdr2MBUWoezZXJ0RFfsNRW8dId1dwlB0Afw2od9GKbfLArctq9k70nZZYDj Bt23Fe5RamtgLx2t27S83HliRHxG2HmWm9j6i3Qm6Vzy9o8WKWpJcU7QQrrD6n5DmB MDbfz2qNCoxrGWg9U+5gyT9YSmmNfR87bf//lOI5OcN/GIuFm/c5okkPCQypNBOJhH QNCzmkTVVzw6SvXg4SJNevKrV3b/FFtmfxU1NV1b5KUZD9jylDNkNmZA7rA8YLl7Jm t1jy6dm9fDBglM/tl5o9i++cdp0UFGkf1/4cEyoKBf85qQqoBxo2hwTAQ0heDDAKmJ 6MRGz8ahdWxOw== From: Danny Milosavljevic <dannym@HIDDEN> User-Agent: mu4e 1.12.11; emacs 29.4 Date: Fri, 06 Jun 2025 10:00:08 +0200 Message-ID: <87bjr12tbr.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 4.1 (++++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi Ludo, The commit that introduced the check is the following one. I'd just ask Thomas Haller for advice and for what the purpose of the check is, no? Content analysis details: (4.1 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [23.83.209.51 listed in sa-trusted.bondedsender.org] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [23.83.209.51 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [23.83.209.51 listed in bl.score.senderscore.com] 0.0 RCVD_IN_MSPIKE_H5 RBL: Excellent reputation (+5) [23.83.209.51 listed in wl.mailspike.net] 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [84.115.226.251 listed in zen.spamhaus.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 0.5 PDS_BTC_ID FP reduced Bitcoin ID X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.5 (/) Hi Ludo, The commit that introduced the check is the following one. I'd just ask Thomas Haller for advice and for what the purpose of the check is, no? Probably the classic "if some weird user can change the contents of the (network manager or otherwise) plugins that are used in the gdm login screen, that's not good and can be used for all kinds of shady shit". (confused deputy) Maybe for a really really paranoid way we could replace the check by a check whether geteuid() == st_uid, no ? The idea being that the check wouldn't change behavior if it's actually run as root and would change behavior if it's run as your real user. For the record, on guix system, network manager is run like this: $ ps -ef |grep -i networkmana root 1650 1 0 Jun05 ? 00:00:06 /gnu/store/8fg4facbxkd31r4yl1q6zl2df28mjixg-network-manager-1.52.0/sbin/NetworkManager --config=/gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf --no-daemon $ cat /gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf [main] dns=default $ sudo cat /proc/1650/environ [...] NM_VPN_PLUGIN_DIR=/gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/ $ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/ total 756 -r--r--r-- 10 root root 44330 Jan 1 1970 libnm-gtk4-vpn-plugin-openconnect-editor.a -r-xr-xr-x 1 root root 3537 Jan 1 1970 libnm-gtk4-vpn-plugin-openconnect-editor.la -r-xr-xr-x 2 root root 43664 Jan 1 1970 libnm-gtk4-vpn-plugin-openconnect-editor.so -r-xr-xr-x 1 root root 1998 Jan 1 1970 libnm-gtk4-vpn-plugin-openvpn-editor.la -r-xr-xr-x 2 root root 191840 Jan 1 1970 libnm-gtk4-vpn-plugin-openvpn-editor.so -r--r--r-- 2 root root 25986 Jan 1 1970 libnm-vpn-plugin-openconnect.a -r--r--r-- 10 root root 51568 Jan 1 1970 libnm-vpn-plugin-openconnect-editor.a -r-xr-xr-x 1 root root 3422 Jan 1 1970 libnm-vpn-plugin-openconnect-editor.la -r-xr-xr-x 2 root root 51856 Jan 1 1970 libnm-vpn-plugin-openconnect-editor.so -r-xr-xr-x 1 root root 2817 Jan 1 1970 libnm-vpn-plugin-openconnect.la -r-xr-xr-x 2 root root 27184 Jan 1 1970 libnm-vpn-plugin-openconnect.so -r-xr-xr-x 1 root root 1892 Jan 1 1970 libnm-vpn-plugin-openvpn-editor.la -r-xr-xr-x 2 root root 232832 Jan 1 1970 libnm-vpn-plugin-openvpn-editor.so -r-xr-xr-x 1 root root 1276 Jan 1 1970 libnm-vpn-plugin-openvpn.la -r-xr-xr-x 2 root root 64440 Jan 1 1970 libnm-vpn-plugin-openvpn.so dr-xr-xr-x 2 root root 4096 Jan 1 1970 VPN/ $ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/VPN/ total 8 -r--r--r-- 1 root root 657 Jan 1 1970 nm-openconnect-service.name -r--r--r-- 1 root root 668 Jan 1 1970 nm-openvpn-service.name commit 05e2e701a8638f5a159392f7ed1fd82b02886fd9 Author: Thomas Haller <thaller@HIDDEN> Date: Wed Jun 18 11:58:30 2014 +0200 core: check file permissions when loading device plugins and order by file modification time Refactor the loading of device plugins by creating the list of module filenames in a separate function. Thereby also check for file permissions (must be only modifiable by root) and sort the files by last file modification time. This has the advantage, that if several plugins provide the same device type, that we (deterministically) prefer the most recent one. Signed-off-by: Thomas Haller <thaller@HIDDEN>
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.