[Bug 1194799] New: Assessment of NetworkManager 1.34.0 new Systemd service unit: nm-priv-helper.service.
http://bugzilla.opensuse.org/show_bug.cgi?id=1194799

Bug ID: 1194799
Summary: Assessment of NetworkManager 1.34.0 new Systemd service unit: nm-priv-helper.service.
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
URL: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.34.0/NEWS#L19
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: luc14n0@linuxmail.org
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 855356
  --> http://bugzilla.opensuse.org/attachment.cgi?id=855356&action=edit
NM 1.34.0 nm-priv-helper.service systemd service unit

Hello folks!

With the release of NetworkManager 1.34.0, it came with a new Systemd service unit and we need your assessment as to whether or not it can be whitelisted and how secure it is for the users.

New changes as follows:

From the changes file:

+ + core: add internal nm-priv-helper service for separating + privileges and have a way to drop capabilities from + NetworkManager daemon

From the spec file:

+%{_unitdir}/nm-priv-helper.service +%{_datadir}/dbus-1/system-services/org.freedesktop.nm-priv-helper.service +%{_datadir}/dbus-1/system.d/nm-priv-helper.conf

======================================================================
nm-priv-helper.service content is in the attachment.
======================================================================
org.freedesktop.nm-priv-helper.service content:

[D-BUS Service]
Name=org.freedesktop.nm-priv-helper
Exec=/usr/libexec/nm-priv-helper
User=root
SystemdService=dbus-org.freedesktop.nm-priv-helper.service

======================================================================
And nm-priv-helper.conf content:

<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own="org.freedesktop.nm.priv-helper"/>
    <allow send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
  <policy context="default">
    <deny own="org.freedesktop.nm.priv-helper"/>
    <deny send_destination="org.freedesktop.nm.priv-helper"/>
  </policy>
</busconfig>

======================================================================
The package is living already in GNOME:Next:
https://build.opensuse.org/package/rdiff/GNOME:Next/NetworkManager?linkrev=base&rev=194

Thanks in advance.

--
You are receiving this mail because:
You are on the CC list for the bug.
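
Review bot: In the spec hunk, the two D-Bus files added under %{_datadir}/dbus-1 do not agree on the bus name as their contents are quoted in this report: org.freedesktop.nm-priv-helper.service declares Name=org.freedesktop.nm-priv-helper, while nm-priv-helper.conf allows and denies own/send_destination for org.freedesktop.nm.priv-helper (a dot instead of a hyphen after "nm"). The root-only restriction is only effective if the policy names the bus name the helper actually requests, so both strings should be confirmed against the packaged files before whitelisting. The activation file also points at SystemdService=dbus-org.freedesktop.nm-priv-helper.service, while the hunk installs only nm-priv-helper.service under %{_unitdir}; check that the unit in the attachment provides that name as an alias.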
Luciano Santos