https://bugzilla.novell.com/show_bug.cgi?id=486267

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c48

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
                 CC|                            |mvidner@novell.com
      Info Provider|lnussel@novell.com          |
         AssignedTo|hschaa@novell.com           |tambet@novell.com

--- Comment #48 from Ludwig Nussel <lnussel@novell.com>  2009-03-24 08:10:03 MST ---
D'oh! Now this finally all makes sense. I wonder why I didn't see this before.
Of course Georg is right. NetworkManager, which runs as root, sends a request
over the bus. Now if root for whatever reason is at_console, the policy for
at_console overrides the policy for user root. at_console is now allowed to
read secrets -> ouch.

That's not a knetworkmanager specific problem. There are two possible
solutions to this problem AFAICS:

a) remove the deny rules for secrets and implement access control in the
   applets
b) instead of the send_destination rule that allows all interfaces plus the
   deny rule for secrets, use allow rules for individual interfaces only. This
   way the deny rule could be at context=default or omitted.

In any case we need to update knetworkmanager, nm-applet and cnetworkmanager.
So this is probably a good opportunity to ship one applet config only
(bug 476502).
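
Added example, not part of the original comment and not NetworkManager's or dbus-daemon's own code: a simplified model of dbus-daemon's documented policy ordering (context=default, then user, then at_console, last matching rule wins) applied to the rule layout discussed above and to option b). Assumptions: the interface names are placeholders, the deny rule is taken to sit in the at_console policy with root's access in a user="root" policy, and only send rules are modelled.

```python
# Simplified model of dbus-daemon <policy> evaluation (send rules only).
# Policies are applied in the order default -> user -> at_console (a subset
# of the real order); later rules override earlier ones, so the LAST matching
# rule decides. If nothing matches, the message is denied (assumption: the
# system bus denies method calls by default).

SETTINGS = "org.example.Settings"          # placeholder interface name
SECRETS = "org.example.Settings.Secrets"   # placeholder interface name


def applicable_rules(config, user, at_console):
    """Collect the rules that apply to one connection, in override order."""
    rules = list(config.get("default", []))
    rules += config.get(("user", user), [])
    if at_console:
        rules += config.get("at_console", [])
    return rules


def may_send(config, user, at_console, interface):
    """Return True if this connection may send to `interface`."""
    verdict = False                                  # no match: denied
    for action, iface in applicable_rules(config, user, at_console):
        if iface is None or iface == interface:      # None = any interface
            verdict = (action == "allow")
    return verdict


# Constructed layout: blanket send_destination allow plus a deny for the
# secrets interface under at_console; root is allowed via a user policy.
CURRENT = {
    ("user", "root"): [("allow", None)],
    "at_console": [("allow", None), ("deny", SECRETS)],
}

# Option b): allow rules for individual interfaces only; the deny rule
# lives at context=default (it could also be omitted).
OPTION_B = {
    "default": [("deny", SECRETS)],
    ("user", "root"): [("allow", SETTINGS), ("allow", SECRETS)],
    "at_console": [("allow", SETTINGS)],
}

if __name__ == "__main__":
    for name, cfg in (("current", CURRENT), ("option b", OPTION_B)):
        for user, console in (("root", False), ("root", True), ("alice", True)):
            print(name, user, "at_console" if console else "no console",
                  "secrets:", may_send(cfg, user, console, SECRETS))
```

In the modelled current layout, root loses access to the secrets interface as soon as its connection also counts as at_console, while option b) keeps root's access and still denies it to ordinary console users.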