GNU logs - #78047, boring messages


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Resent-From: Rodion Goritskov <rodion@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 24 Apr 2025 19:05:02 +0000
Resent-Message-ID: <handler.78047.B.17455214527126 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 78047 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.17455214527126
          (code B ref -1); Thu, 24 Apr 2025 19:05:02 +0000
Received: (at submit) by debbugs.gnu.org; 24 Apr 2025 19:04:12 +0000
Received: from localhost ([127.0.0.1]:41258 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1u81ro-0001qs-Cl
	for submit <at> debbugs.gnu.org; Thu, 24 Apr 2025 15:04:12 -0400
Received: from lists.gnu.org ([2001:470:142::17]:54280)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <rodion@HIDDEN>)
 id 1u81rk-0001pv-JO
 for submit <at> debbugs.gnu.org; Thu, 24 Apr 2025 15:04:09 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rodion@HIDDEN>)
 id 1u81rG-0006GZ-2R
 for bug-guix@HIDDEN; Thu, 24 Apr 2025 15:03:41 -0400
Received: from mail.goritskov.com ([65.108.121.176])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rodion@HIDDEN>)
 id 1u81rD-0003MV-Mn
 for bug-guix@HIDDEN; Thu, 24 Apr 2025 15:03:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=goritskov.com;
 s=04012025; t=1745521407;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=g9uOij5ztnuT++Hb8NqI7RTtfwqqfByc2kcxlQO5mRw=;
 b=WQO+FrL9OI+5NsfhmFATL47YoR7lSMW87glH6P86g0tnqNm0q5rsNy4Ot3rUQ/F+rw9hN5
 gkjHsCA5YmwCRsKzUiMpSpZr6fFW01wCtXlBTfCfkui4T6g15cdbek+TaX8BKHKKnCxQLr
 AoYRBKxGWFZMz9T2GT0TZDRqLS4FY1o=
Received: from bumblebee-old (port-92-196-247-179.dynamic.as20676.net
 [92.196.247.179])
 by mail.goritskov.com (OpenSMTPD) with ESMTPSA id 34e03c1c
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <bug-guix@HIDDEN>;
 Thu, 24 Apr 2025 19:03:27 +0000 (UTC)
From: Rodion Goritskov <rodion@HIDDEN>
Date: Thu, 24 Apr 2025 21:03:22 +0200
Message-ID: <871pth756t.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=65.108.121.176; envelope-from=rodion@HIDDEN;
 helo=mail.goritskov.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)


Hi!

I tried to opt-in into using guix daemon in unprivileged mode using:

> (modify-services %base-services
> 		 (guix-service-type config =>
>                                     (guix-configuration (inherit config)
> 							  (privileged? #f))))

After reconfiguration (and finish of the task changing owner of store to
guix-daemon), I rebooted system to found out that WiFi not working anymore.

I use NetworkManager for the network configuration, with pretty much the
default configuration:

> (service wpa-supplicant-service-type)
> (service network-manager-service-type
>          (network-manager-configuration (vpn-plugins (list
>                                                       network-manager-openvpn))))


In logs I can see the following errors:

> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>  [1745483655.8534] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-ovs.so: file has invalid owner (should be root)
> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>  [1745483655.8535] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-bluetooth.so: file has invalid owner (should be root)
> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>  [1745483655.8536] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-adsl.so: file has invalid owner (should be root)
> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>  [1745483655.8536] plugin: skip invalid file /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wifi.so: file has invalid owner (should be root)
> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
> [1745483655.8537] plugin: skip invalid file
> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wwan.so:
> file has invalid owner (should be root)

Looks like NetworkManager doesn't like a non-root owner of plugins.

After reconfiguration back to the priveleged guix-service-type,
NetworkManager is back to normal:

> 2025-04-24 11:40:49 localhost NetworkManager[833]: <info>  [1745487649.2569] Loaded device plugin: NMOvsFactory (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-ovs.so)
> 2025-04-24 11:40:49 localhost NetworkManager[833]: <info>  [1745487649.3357] Loaded device plugin: NMBluezManager (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-bluetooth.so)
> 2025-04-24 11:40:49 localhost NetworkManager[833]: <info>  [1745487649.3373] Loaded device plugin: NMAtmManager (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-adsl.so)
> 2025-04-24 11:40:49 localhost NetworkManager[833]: <info>  [1745487649.3414] Loaded device plugin: NMWifiFactory (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wifi.so)
> 2025-04-24 11:40:49 localhost NetworkManager[833]: <info>
> [1745487649.3427] Loaded device plugin: NMWwanFactory
> (/gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wwan.so)




Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Rodion Goritskov <rodion@HIDDEN>
Subject: bug#78047: Acknowledgement (WiFi stops working if managed with
 NetworkManager after migration to unprivileged guix daemon)
Message-ID: <handler.78047.B.17455214527126.ack <at> debbugs.gnu.org>
References: <871pth756t.fsf@HIDDEN>
X-Gnu-PR-Message: ack 78047
X-Gnu-PR-Package: guix
Reply-To: 78047 <at> debbugs.gnu.org
Date: Thu, 24 Apr 2025 19:05:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 78047 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
78047: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D78047
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 05 May 2025 15:36:04 +0000
Resent-Message-ID: <handler.78047.B78047.174645932822608 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Rodion Goritskov <rodion@HIDDEN>
Cc: 78047 <at> debbugs.gnu.org
Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174645932822608
          (code B ref 78047); Mon, 05 May 2025 15:36:04 +0000
Received: (at 78047) by debbugs.gnu.org; 5 May 2025 15:35:28 +0000
Received: from localhost ([127.0.0.1]:41793 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uBxqp-0005sY-Ro
	for submit <at> debbugs.gnu.org; Mon, 05 May 2025 11:35:28 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34308)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uBxqc-0005pD-F6
 for 78047 <at> debbugs.gnu.org; Mon, 05 May 2025 11:35:15 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1uBxqW-00024B-Tv; Mon, 05 May 2025 11:35:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=cge4KTXknyFJxOxudE2eDPdiMrhOtqSVAeLVrJpi0KE=; b=VTFJppjts490ptVXhe88
 akxivaclAxnx7rEPdeFn+JYsPksCZ2hc3iaQaV3tgFnYy0twOeE5ehILneeE2d+3cJV31rDBJFJAO
 mXipAZACQ4Jb4TZIeQMc+BBfmqmnTptjs1H1kexZbpLcMnLp+ueVOPqAOlpC4dYML+yNK34MWbOoy
 acPFVniKuoCONBerJm8LTZER0WiW5ie0Zb42zkvMoyWVjak/rhcJez2ufk5scNBl0XPjunIhlaTOQ
 Gxplf4OtDT3ZcmOCnIcJA0p+7c5OHUt91L3uMdFw2jaNRrumJ5j85XbP/LsSw5jvcAU/iXzX1OzNC
 pOK+W0pQu3k36Q==;
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
In-Reply-To: <871pth756t.fsf@HIDDEN>
 (Rodion Goritskov's message of "Thu, 24 Apr 2025 21:03:22 +0200")
References: <871pth756t.fsf@HIDDEN>
Date: Mon, 05 May 2025 15:02:35 +0200
Message-ID: <87y0vb43dg.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Rodion Goritskov <rodion@HIDDEN> writes:

> In logs I can see the following errors:
>
>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>> [1745483655.8534] plugin: skip invalid file
>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N=
etworkManager/1.52.0/libnm-device-plugin-ovs.so:
>> file has invalid owner (should be root)
>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>> [1745483655.8535] plugin: skip invalid file
>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N=
etworkManager/1.52.0/libnm-device-plugin-bluetooth.so:
>> file has invalid owner (should be root)
>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>> [1745483655.8536] plugin: skip invalid file
>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N=
etworkManager/1.52.0/libnm-device-plugin-adsl.so:
>> file has invalid owner (should be root)
>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>> [1745483655.8536] plugin: skip invalid file
>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N=
etworkManager/1.52.0/libnm-device-plugin-wifi.so:
>> file has invalid owner (should be root)
>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>> [1745483655.8537] plugin: skip invalid file
>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/N=
etworkManager/1.52.0/libnm-device-plugin-wwan.so:
>> file has invalid owner (should be root)
>
> Looks like NetworkManager doesn't like a non-root owner of plugins.

I think we=E2=80=99ll have to add an activation snippet in the =E2=80=98net=
work-manager=E2=80=99
service that copies those files elsewhere with appropriate ownership.

Or we could patch NetworkManager.  (Maybe wiser.)

Thanks,
Ludo=E2=80=99.




Message received at control <at> debbugs.gnu.org:


Received: (at control) by debbugs.gnu.org; 9 May 2025 13:03:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri May 09 09:03:38 2025
Received: from localhost ([127.0.0.1]:36650 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uDNO6-0007KW-Bb
	for submit <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:57568)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uDNO2-0007K0-88
 for control <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:35 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1uDNNw-0005hv-MI
 for control <at> debbugs.gnu.org; Fri, 09 May 2025 09:03:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to:
 references; bh=yDV0rsM4jdWtC9RnzRCtwJM+BlM5YrWIhFgtajGH4yk=; b=sRwOUZkNsVOlZP
 bTN8WWmP3ijl2m99OaEikw7COpzCmbj2mXXYVskO6tHfOyNSE87cQ6U3Q4de0cYe6LZ0jNdnIDVf2
 93armAjbo2t0klKQojgNl2Fw/BKOGvaOAzNocfpuWs77qRIUFr0zmaeP+S5ijcdIEkQsHGAXkDpq+
 3G+8v9JMvFptPMXh1EYIyt83lE93cvvZjxU2vh+txJ3GqCEZLsDkFqRmKhUQR+azVQindzLcYRPIg
 rsrKl52ewfXeSqp0Tj0X0EY1H9azYl/q8XIGrHATZz/lL2CHEdXbQ3qlooiFxm7Cq8r4wOSd5luN3
 aatIbQCUGYHfAOYZLDiw==;
Date: Fri, 09 May 2025 15:02:04 +0200
Message-Id: <874ixukkdv.fsf@HIDDEN>
To: control <at> debbugs.gnu.org
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
Subject: control message for bug #78047
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

severity 78047 important
quit





Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
References: <871pth756t.fsf@HIDDEN>
In-Reply-To: <871pth756t.fsf@HIDDEN>
Resent-From: Gabriel Santos <gabrielsantosdesouza@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 09 May 2025 23:05:02 +0000
Resent-Message-ID: <handler.78047.B78047.17468318998750 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 78047 <at> debbugs.gnu.org
Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.17468318998750
          (code B ref 78047); Fri, 09 May 2025 23:05:02 +0000
Received: (at 78047) by debbugs.gnu.org; 9 May 2025 23:04:59 +0000
Received: from localhost ([127.0.0.1]:41195 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uDWm3-0002H0-7I
	for submit <at> debbugs.gnu.org; Fri, 09 May 2025 19:04:59 -0400
Received: from layka.disroot.org ([178.21.23.139]:34802)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <gabrielsantosdesouza@HIDDEN>)
 id 1uDWlz-0002Gh-IE
 for 78047 <at> debbugs.gnu.org; Fri, 09 May 2025 19:04:56 -0400
Received: from mail01.disroot.lan (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id 9A9602618A
 for <78047 <at> debbugs.gnu.org>; Sat, 10 May 2025 01:04:53 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from layka.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id Vix_XxsMAIBq for <78047 <at> debbugs.gnu.org>;
 Sat, 10 May 2025 01:04:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1746831893; bh=bFudXqHAM0U6MrNE0it+Yd/pZUEmjCJogDHo9qRe5Hg=;
 h=Date:From:To:Subject;
 b=jIELCQ+xT0ltq9vB6Cb7Bs1Zlzxx1zuypnj7UKQwMVrYdbJDGBowuibsPEly6Z60B
 lPdjAnVSMf++JgS1kJ+17dO3R8Uw4EOqm/Eu8Yen0XwLPWagllEO30wvjdaLw6pAx5
 sBzESIai6ch1TIvv4pRaEeJU17vVEMOrCXTTOuKoOm7b1ACLUlMVyZrdCi//Ru32/O
 823RLsIjmf7eYDhMhRfe3gycmllpBKRbkAB8UaNj1YlwY6klXGyYPaLClSLyeWaclX
 WNRxfkeZ1mAqRPuwyH5v4hw+YRAvLUsvN7djk3pD23yGl87q18NU8w3VepgYAw5GUp
 lnPeNkRVWH1AA==
Date: Fri, 09 May 2025 20:04:45 -0300
From: Gabriel Santos <gabrielsantosdesouza@HIDDEN>
User-Agent: Thunderbird for Android
Message-ID: <779FC18B-5BCE-43B7-BD5C-AAE09FC62DA6@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Thanks for reporting this, I also was impacted by the same
issue=2E I'll just do a privileged reinstall=2E

--=20
Gabriel Santos




Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 19 May 2025 14:36:01 +0000
Resent-Message-ID: <handler.78047.B78047.174766530418387 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Rodion Goritskov <rodion@HIDDEN>
Cc: guix-devel@HIDDEN, 78047 <at> debbugs.gnu.org
Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174766530418387
          (code B ref 78047); Mon, 19 May 2025 14:36:01 +0000
Received: (at 78047) by debbugs.gnu.org; 19 May 2025 14:35:04 +0000
Received: from localhost ([127.0.0.1]:41817 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uH1a3-0004mT-GJ
	for submit <at> debbugs.gnu.org; Mon, 19 May 2025 10:35:03 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:58752)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uH1Zz-0004lC-HJ
 for 78047 <at> debbugs.gnu.org; Mon, 19 May 2025 10:35:00 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1uH1Zs-0007BS-0b; Mon, 19 May 2025 10:34:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=7IgaFPLi7SQZ8EwCNacaCGY4NrCXSxqtYF4xZNGNzzY=; b=AApCmv7+I6O1AsB40vTy
 nUtvIX2B+cHbfqiataS7qDGV8gEFu1sWosLCtLXWw5t38wiprkwT+PNsWetiAAvn03/tOwmqGWALK
 lYj24/883jgSgjfo7P14wM8CzfdOaJKuzUBbpR8APUANIKsOyaVy/2JIosVocV2HpcuuNuKAcPMQa
 wuSbAxQonpUYsLdxvQ0mNgeMtDN92EL+F0T1toUqJMFSD0SiKAbhGG18Nt9PZX+Le6pCKjJJdn+UP
 /kq1+M9xfWIboD3qJ0yfTaEH2j3kcIlJORukT4JaZjKQ1nLVwnCfc9VLNlp7np5/arKpcALorA77u
 qFepTOMIxbbP+A==;
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
In-Reply-To: <87y0vb43dg.fsf@HIDDEN> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Mon, 05 May 2025 15:02:35 +0200")
References: <871pth756t.fsf@HIDDEN>
 <87y0vb43dg.fsf@HIDDEN>
Date: Mon, 19 May 2025 16:33:22 +0200
Message-ID: <87iklw4qml.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello,

Ludovic Court=C3=A8s <ludo@HIDDEN> writes:

>>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>>> [1745483655.8537] plugin: skip invalid file
>>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/=
NetworkManager/1.52.0/libnm-device-plugin-wwan.so:
>>> file has invalid owner (should be root)
>>
>> Looks like NetworkManager doesn't like a non-root owner of plugins.
>
> I think we=E2=80=99ll have to add an activation snippet in the =E2=80=98n=
etwork-manager=E2=80=99
> service that copies those files elsewhere with appropriate ownership.
>
> Or we could patch NetworkManager.  (Maybe wiser.)

Looking into it, I think this root-ownership check buys us very little:
it worked =E2=80=9Cby chance=E2=80=9D, but since anyone can indirectly writ=
e into the
store (with root ownership), it=E2=80=99s pointless.

What matters is that network-manager is configured by root on Guix
System, and that it is passed its configuration in the store
(unambiguous).

So I=E2=80=99m tempted to just remove the check, but I=E2=80=99d rather hav=
e more
eyeballs on this:


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline

diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 895a991..738f8c7 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
         return FALSE;
     }
 
-    if (st->st_uid != 0) {
-        g_set_error_literal(error,
-                            NM_UTILS_ERROR,
-                            NM_UTILS_ERROR_UNKNOWN,
-                            "file has invalid owner (should be root)");
-        return FALSE;
-    }
-
     if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
         g_set_error_literal(error,
                             NM_UTILS_ERROR,

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

DQpMdWRv4oCZLg0K
--=-=-=--




Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 05 Jun 2025 22:06:02 +0000
Resent-Message-ID: <handler.78047.B78047.174916111117452 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: guix-devel@HIDDEN,  78047 <at> debbugs.gnu.org
Cc: Rodion Goritskov <rodion@HIDDEN>
Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174916111117452
          (code B ref 78047); Thu, 05 Jun 2025 22:06:02 +0000
Received: (at 78047) by debbugs.gnu.org; 5 Jun 2025 22:05:11 +0000
Received: from localhost ([127.0.0.1]:38663 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uNIhy-0004XO-FX
	for submit <at> debbugs.gnu.org; Thu, 05 Jun 2025 18:05:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:58848)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1uNIhv-0004X9-UH
 for 78047 <at> debbugs.gnu.org; Thu, 05 Jun 2025 18:05:08 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1uNIhq-0007iO-K1; Thu, 05 Jun 2025 18:05:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=Hrg4qGNnUgZR077gwkh2umG9Xsc8zcsxe16hcG7UPAw=; b=cTdT4eN+P7V3xLj06y6M
 mANbGTXNjlF6xnjLCEJcRsk8r21HfC+jfJGxDstoWTBBbA3bGu764bKUCZcjyMXmoHE4uE+7gIHQh
 mClJUVikZKj+uKl1A4X6fZjqhUSeTFgXDiOyctvIdRdvZ0tJl5yxW7koG+nRiPNYk4IEvUWgwpgpC
 4aKcScI2LLigVx8dzTxHVFPjTzgOUK3s0sm0VQNd76z2g7KRpqy5dtlhS+CRbfRKGGU6qScarwC2Q
 f4HHcFpl0TaxnKmgKclZ/9lIB/yTQNoQaPMpXKCQJLlCwcKYpQ0bpqAxHt9DNIJhW2lucCd7mwvX8
 +GA8G4QZ9Xe8dA==;
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
In-Reply-To: <87iklw4qml.fsf@HIDDEN> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Mon, 19 May 2025 16:33:22 +0200")
References: <871pth756t.fsf@HIDDEN>
 <87y0vb43dg.fsf@HIDDEN> <87iklw4qml.fsf@HIDDEN>
Date: Thu, 05 Jun 2025 22:47:17 +0200
Message-ID: <87zfelex0q.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello,

Ludovic Court=C3=A8s <ludo@HIDDEN> writes:

> So I=E2=80=99m tempted to just remove the check, but I=E2=80=99d rather h=
ave more
> eyeballs on this:
>
> diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
> index 895a991..738f8c7 100644
> --- a/src/core/nm-core-utils.c
> +++ b/src/core/nm-core-utils.c
> @@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct =
stat *st, GError **error)
>          return FALSE;
>      }
>=20=20
> -    if (st->st_uid !=3D 0) {
> -        g_set_error_literal(error,
> -                            NM_UTILS_ERROR,
> -                            NM_UTILS_ERROR_UNKNOWN,
> -                            "file has invalid owner (should be root)");
> -        return FALSE;
> -    }

Any objections to this?

See <https://issues.guix.gnu.org/78047> for context.

Ludo=E2=80=99.




Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
References: <871pth756t.fsf@HIDDEN>
In-Reply-To: <871pth756t.fsf@HIDDEN>
Resent-From: Danny Milosavljevic <dannym@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 06 Jun 2025 08:01:02 +0000
Resent-Message-ID: <handler.78047.B78047.174919684028577 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 78047
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: guix-devel@HIDDEN, 78047 <at> debbugs.gnu.org, Rodion Goritskov <rodion@HIDDEN>
Received: via spool by 78047-submit <at> debbugs.gnu.org id=B78047.174919684028577
          (code B ref 78047); Fri, 06 Jun 2025 08:01:02 +0000
Received: (at 78047) by debbugs.gnu.org; 6 Jun 2025 08:00:40 +0000
Received: from localhost ([127.0.0.1]:41513 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uNS04-0007QJ-0f
	for submit <at> debbugs.gnu.org; Fri, 06 Jun 2025 04:00:39 -0400
Received: from dragonfly.birch.relay.mailchannels.net ([23.83.209.51]:31909)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <dannym@HIDDEN>)
 id 1uNRzx-0007Pg-8L
 for 78047 <at> debbugs.gnu.org; Fri, 06 Jun 2025 04:00:24 -0400
X-Sender-Id: dreamhost|x-authsender|dannym@HIDDEN
Received: from relay.mailchannels.net (localhost [127.0.0.1])
 by relay.mailchannels.net (Postfix) with ESMTP id ED0078A5652;
 Fri,  6 Jun 2025 08:00:17 +0000 (UTC)
Received: from pdx1-sub0-mail-a273.dreamhost.com
 (trex-green-4.trex.outbound.svc.cluster.local [100.124.120.130])
 (Authenticated sender: dreamhost)
 by relay.mailchannels.net (Postfix) with ESMTPA id BB8118A5CEF;
 Fri,  6 Jun 2025 08:00:12 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1749196812; a=rsa-sha256;
 cv=none;
 b=I87Nf5v4SL7N3oX0QFwTSvVQBZhLLXg1/3aRvp55p+lm5LxJdAC5AFgnViVYpZga9c//Vm
 gA23Z2WjUIzkkkETEUcDbaki2J8XwQp9p3Tr8SuSjfn/LU07NR1asA7TrY4fzwotGpaYnR
 gScaPrEffdNdVXVr24r04YT1mOXM/thjkY85a9N9Dh0wMq6at0h79oGsWk0U9j89aGeFGq
 WL/sNcBwDtXQdQidwc1JSYmHEB7XFSKEplNIg1AThgJuTcfU8VsjnX/dJc7XiAzYXVQYXP
 RABsbG9rYXs+eqKpbEdQ1VP/Lw6qAX1hDzprqdEVch16AdZwmnsda+ubZbF5dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1749196812;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 dkim-signature; bh=VTszRBRNV5Rn8e9sx0454B4iLyKoJmyV5eTWu1hWc7I=;
 b=036XpyyYjosEiT1R/G4IOEcSiv5dmFz0CL8BBDTYAlFw2FveUhuoLESvcKyFxTX3p7Ee37
 Z7tNF+/ahRtTMGrk6u2ToJV8zTOHAhqsLRGcp7mdz1vv91PNmOpntmfZy9hfxyKJuDrUu8
 NPrwfY7kos6TmfZPOQlcXX3iqY+fDdqv4eItsrEaMDFHkc1Ey9HD4XSaBqX5VlNMjiVviE
 doYjjlbitTPIiy7I0o7d9XI3O0rmNBQY8jXLPwA/kJh4nsVu5rOVPXahpYDuJp3iAH+Ono
 eeS+WxFJRUGt8kfgAU/KgontQ+Dnp+FfSSQhrFwOFjsQurJI5W4nXZidCSddHA==
ARC-Authentication-Results: i=1; rspamd-95f6fbf49-5sbgd;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=dannym@HIDDEN
X-Sender-Id: dreamhost|x-authsender|dannym@HIDDEN
X-MC-Relay: Neutral
X-MC-Copy: stored-urls
X-MailChannels-SenderId: dreamhost|x-authsender|dannym@HIDDEN
X-MailChannels-Auth-Id: dreamhost
X-Daffy-Inform: 425d6f0c7ae57cfd_1749196814295_2268766752
X-MC-Loop-Signature: 1749196814295:1999859429
X-MC-Ingress-Time: 1749196814295
Received: from pdx1-sub0-mail-a273.dreamhost.com (pop.dreamhost.com
 [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by 100.124.120.130 (trex/7.0.3); Fri, 06 Jun 2025 08:00:14 +0000
Received: from nova (84-115-226-251.cable.dynamic.surfer.at [84.115.226.251])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest
 SHA256) (No client certificate requested)
 (Authenticated sender: dannym@HIDDEN)
 by pdx1-sub0-mail-a273.dreamhost.com (Postfix) with ESMTPSA id 4bDDJC3LchzBX; 
 Fri,  6 Jun 2025 01:00:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=friendly-machines.com; s=dreamhost; t=1749196812;
 bh=VTszRBRNV5Rn8e9sx0454B4iLyKoJmyV5eTWu1hWc7I=;
 h=From:To:Cc:Subject:Date:Content-Type;
 b=roK4iGBdr2MBUWoezZXJ0RFfsNRW8dId1dwlB0Afw2od9GKbfLArctq9k70nZZYDj
 Bt23Fe5RamtgLx2t27S83HliRHxG2HmWm9j6i3Qm6Vzy9o8WKWpJcU7QQrrD6n5DmB
 MDbfz2qNCoxrGWg9U+5gyT9YSmmNfR87bf//lOI5OcN/GIuFm/c5okkPCQypNBOJhH
 QNCzmkTVVzw6SvXg4SJNevKrV3b/FFtmfxU1NV1b5KUZD9jylDNkNmZA7rA8YLl7Jm
 t1jy6dm9fDBglM/tl5o9i++cdp0UFGkf1/4cEyoKBf85qQqoBxo2hwTAQ0heDDAKmJ
 6MRGz8ahdWxOw==
From: Danny Milosavljevic <dannym@HIDDEN>
User-Agent: mu4e 1.12.11; emacs 29.4
Date: Fri, 06 Jun 2025 10:00:08 +0200
Message-ID: <87bjr12tbr.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 4.1 (++++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi Ludo,
 The commit that introduced the check is the following
 one. I'd just ask Thomas Haller for advice and for what the purpose of the
 check is, no? 
 Content analysis details:   (4.1 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [23.83.209.51 listed in sa-trusted.bondedsender.org]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [23.83.209.51 listed in list.dnswl.org]
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [23.83.209.51 listed in bl.score.senderscore.com]
 0.0 RCVD_IN_MSPIKE_H5      RBL: Excellent reputation (+5)
 [23.83.209.51 listed in wl.mailspike.net]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
 [84.115.226.251 listed in zen.spamhaus.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 0.5 PDS_BTC_ID             FP reduced Bitcoin ID
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)

Hi Ludo,

The commit that introduced the check is the following one.

I'd just ask Thomas Haller for advice and for what the purpose of the check is, no?

Probably the classic "if some weird user can change the contents of the (network manager or otherwise) plugins that are used in the gdm login screen, that's not good and can be used for all kinds of shady shit". (confused deputy)

Maybe for a really really paranoid way we could replace the check by a check whether geteuid() == st_uid, no ?  The idea being that the check wouldn't change behavior if it's actually run as root and would change behavior if it's run as your real user.

For the record, on guix system, network manager is run like this:

$ ps -ef |grep -i networkmana
root      1650     1  0 Jun05 ?        00:00:06 /gnu/store/8fg4facbxkd31r4yl1q6zl2df28mjixg-network-manager-1.52.0/sbin/NetworkManager --config=/gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf --no-daemon

$ cat /gnu/store/3cp48fvxfivj2255bbxj7363qj33ajs9-NetworkManager.conf
[main]
dns=default

$ sudo cat /proc/1650/environ 
[...]
NM_VPN_PLUGIN_DIR=/gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/

$ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/
total 756
-r--r--r-- 10 root root  44330 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.a
-r-xr-xr-x  1 root root   3537 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.la
-r-xr-xr-x  2 root root  43664 Jan  1  1970 libnm-gtk4-vpn-plugin-openconnect-editor.so
-r-xr-xr-x  1 root root   1998 Jan  1  1970 libnm-gtk4-vpn-plugin-openvpn-editor.la
-r-xr-xr-x  2 root root 191840 Jan  1  1970 libnm-gtk4-vpn-plugin-openvpn-editor.so
-r--r--r--  2 root root  25986 Jan  1  1970 libnm-vpn-plugin-openconnect.a
-r--r--r-- 10 root root  51568 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.a
-r-xr-xr-x  1 root root   3422 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.la
-r-xr-xr-x  2 root root  51856 Jan  1  1970 libnm-vpn-plugin-openconnect-editor.so
-r-xr-xr-x  1 root root   2817 Jan  1  1970 libnm-vpn-plugin-openconnect.la
-r-xr-xr-x  2 root root  27184 Jan  1  1970 libnm-vpn-plugin-openconnect.so
-r-xr-xr-x  1 root root   1892 Jan  1  1970 libnm-vpn-plugin-openvpn-editor.la
-r-xr-xr-x  2 root root 232832 Jan  1  1970 libnm-vpn-plugin-openvpn-editor.so
-r-xr-xr-x  1 root root   1276 Jan  1  1970 libnm-vpn-plugin-openvpn.la
-r-xr-xr-x  2 root root  64440 Jan  1  1970 libnm-vpn-plugin-openvpn.so
dr-xr-xr-x  2 root root   4096 Jan  1  1970 VPN/

$ ls -lL /gnu/store/p9r27sli74d78mnwr1zzzr4pfm6zjnks-network-manager-vpn-plugins/lib/NetworkManager/VPN/
total 8
-r--r--r-- 1 root root 657 Jan  1  1970 nm-openconnect-service.name
-r--r--r-- 1 root root 668 Jan  1  1970 nm-openvpn-service.name

commit 05e2e701a8638f5a159392f7ed1fd82b02886fd9
Author: Thomas Haller <thaller@HIDDEN>
Date:   Wed Jun 18 11:58:30 2014 +0200

    core: check file permissions when loading device plugins and order by file modification time
    
    Refactor the loading of device plugins by creating the list of
    module filenames in a separate function.
    
    Thereby also check for file permissions (must be only modifiable by root)
    and sort the files by last file modification time. This has the advantage,
    that if several plugins provide the same device type, that we (deterministically)
    prefer the most recent one.
    
    Signed-off-by: Thomas Haller <thaller@HIDDEN>





Last modified: Fri, 6 Jun 2025 08:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.