Bug ID | 1194799 |
---|---|
Summary | Assessment of NetworkManager 1.34.0 new Systemd service unit: nm-priv-helper.service. |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
URL | https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.34.0/NEWS#L19 |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | luc14n0@linuxmail.org |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Created attachment 855356
NM 1.34.0 nm-priv-helper.service systemd service unit

Hello folks!

With the release of NetworkManager 1.34.0, it came with a new Systemd service unit and we need your assessment as to whether or not it can be whitelisted and how secure it is for the users.

New changes as follows:

From the changes file:

+ + core: add internal nm-priv-helper service for separating + privileges and have a way to drop capabilities from + NetworkManager daemon

From the spec file:

+%{_unitdir}/nm-priv-helper.service +%{_datadir}/dbus-1/system-services/org.freedesktop.nm-priv-helper.service +%{_datadir}/dbus-1/system.d/nm-priv-helper.conf

======================================================================
nm-priv-helper.service content is in the attachment.
======================================================================
org.freedesktop.nm-priv-helper.service content:

[D-BUS Service]
Name=org.freedesktop.nm-priv-helper
Exec=/usr/libexec/nm-priv-helper
User=root
SystemdService=dbus-org.freedesktop.nm-priv-helper.service

======================================================================
And nm-priv-helper.conf content:

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="org.freedesktop.nm.priv-helper"/>
    <allow send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
  <policy context="default">
    <deny own="org.freedesktop.nm.priv-helper"/>
    <deny send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
</busconfig>

======================================================================

The package is living already in GNOME:Next:
https://build.opensuse.org/package/rdiff/GNOME:Next/NetworkManager?linkrev=base&rev=194

Thanks in advance.
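
A consistency check a reviewer could run over the two D-Bus files quoted in the report, added here as an example that is not part of the original report or of NetworkManager: it verifies that the bus name in the activation file is the one the bus policy lets root own and denies to the default context. The `audit` function and its finding strings are hypothetical; the file contents are copied from the report as quoted.

```python
import configparser
import xml.etree.ElementTree as ET

# Both files as quoted in the report above.
SERVICE_FILE = """\
[D-BUS Service]
Name=org.freedesktop.nm-priv-helper
Exec=/usr/libexec/nm-priv-helper
User=root
SystemdService=dbus-org.freedesktop.nm-priv-helper.service
"""
BUS_POLICY = """\
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="org.freedesktop.nm.priv-helper"/>
    <allow send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
  <policy context="default">
    <deny own="org.freedesktop.nm.priv-helper"/>
    <deny send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
</busconfig>
"""

def audit(service_text, policy_text):
    """Hypothetical helper: findings for one activation file / bus policy pair."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(service_text)
    name = cp["D-BUS Service"]["Name"]
    rules = {}  # (policy selector, allow/deny, attribute) -> set of bus names
    for policy in ET.fromstring(policy_text).iter("policy"):
        selector = ",".join(f"{k}={v}" for k, v in sorted(policy.attrib.items()))
        for rule in policy:
            for attr, value in rule.attrib.items():
                rules.setdefault((selector, rule.tag, attr), set()).add(value)
    findings = []
    for attr in ("own", "send_destination"):
        if name not in rules.get(("user=root", "allow", attr), set()):
            findings.append(f"root is not allowed {attr} for {name}")
        if name not in rules.get(("context=default", "deny", attr), set()):
            findings.append(f"default context does not deny {attr} for {name}")
    # Names the policy mentions that the activation file does not declare.
    for other in sorted(set().union(*rules.values()) - {name}):
        findings.append(f"policy names {other}, activation file names {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVICE_FILE, BUS_POLICY)))
```

On the files as quoted, the check reports that the policy refers to `org.freedesktop.nm.priv-helper` while the activation file declares `org.freedesktop.nm-priv-helper`, so none of the four policy rules covers the activated name.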