[Bug 486267] New: Latest update of NetworkManager breaks wireless networking
https://bugzilla.novell.com/show_bug.cgi?id=486267

Summary: Latest update of NetworkManager breaks wireless networking
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: Larry.Finger@lwfinger.net
QAContact: qa@suse.de
Found By: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.1.6 Firefox/3.0.7

Since the update to NetworkManager 0.7.0.r4359-15.1.1-x86_64, I could only connect using a wire. Wireless failed. I fixed it by downgrading NetworkManager, NetworkManager-glib, NetworkManager-kde and NetworkManager-gnome.

The NetworkManager log shows the following:

Mar 17 16:06:01 larrylap NetworkManager: <info> Activation (wlan2/wireless): access point 'lwfdjf_rad' has security, but secrets are required.
Mar 17 16:06:01 larrylap NetworkManager: <info> (wlan2): device state change: 5 -> 6
Mar 17 16:06:01 larrylap NetworkManager: <info> Activation (wlan2) Stage 2 of 5 (Device Configure) complete.
Mar 17 16:06:01 larrylap NetworkManager: <WARN> get_secrets_cb(): Couldn't get connection secrets: A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface "org.freedesktop.NetworkManagerSettings.Connection.Secrets" member "GetSecrets" error name "(unset)" destination "org.freedesktop.NetworkManagerUserSettings").

I am not using SELinux and I do not know why this violation of security policy shows up.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=486267
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c1
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c2
--- Comment #2 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c3
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c4
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c5
--- Comment #5 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c6
--- Comment #6 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c7
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c8
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c9
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User dmueller@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c10
--- Comment #10 from Dirk Mueller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User dmueller@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c11
Dirk Mueller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c12
--- Comment #12 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c13
--- Comment #13 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c14
--- Comment #14 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c15
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c16
--- Comment #16 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c17
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c19
--- Comment #19 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c20
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c21
Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c22
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c23
--- Comment #23 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c25
Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c26
--- Comment #26 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c27
--- Comment #27 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c28
--- Comment #28 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c29
--- Comment #29 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c30
Ludwig Nussel
Hm, I have done the upgrade, my girlfriend has done it, her laptop worked, mine did not (both using kde 3.5 with knetworkmanager).
I ran a "diff -r /etc/dbus-1/" and found no differences instead of some missing/new files from different packages (kerneloops, gnome clock, ...).
I am not sure how this can be possible...
Interesting. Do the systems use different filesystems? What's the output of ls -1U /etc/dbus-1/system.d/ on both systems?
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c31
--- Comment #31 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c33
Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User felix@derklecks.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c34
Felix Möller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c35
Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c36
--- Comment #36 from Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c37
--- Comment #37 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c38
--- Comment #38 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c39
--- Comment #39 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c40
--- Comment #40 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c41
--- Comment #41 from Helmut Schaa
Solution: Do not use deny rule in at_console, only in context=default and an allow rule for root. That is what I have done with my dbus changes. No more problems :)
This might open the security hole again.
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c42
--- Comment #42 from Georg Müller
(In reply to comment #39)
Solution: Do not use deny rule in at_console, only in context=default and an allow rule for root. That is what I have done with my dbus changes. No more problems :)
This might open the security hole again.
Why? Rules are applied in the following order (from dbus-daemon man page):
- all context="default" policies are applied
- all group="connection's user's group" policies are applied in undefined order
- all user="connection's auth user" policies are applied in undefined order
- all at_console="true" policies are applied
- all at_console="false" policies are applied
- all context="mandatory" policies are applied
So, if there is a deny rule in context="default" and no other rule that is matching (you are not root and do not get the allow), then nothing else happens.
To minimize the security risk, a much more transparent configuration is very helpful. That means, checking one file instead of 2, 3 or 4 files helps here (since you see on one look what you allow/deny instead of cross-checking with other files).
Couldn't we get rid of the client config files at all and define it in a generic way for all nm clients? For the NetworkManagerUserSettings, I have done it with the nm-user-settings.conf.
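A simplified model of the rule ordering quoted in comment #42, added here as an illustration; it is not code from dbus-daemon or from the packages discussed in this bug. The two policy layouts, the placeholder interface and the user name are constructed, and the model assumes that the last matching rule in the applied sequence decides the verdict.

```python
# Added example: simplified model of the policy ordering quoted above.
# Assumption: policies are applied in ORDER and the last matching rule wins.
from dataclasses import dataclass

SECRETS = "org.freedesktop.NetworkManagerSettings.Connection.Secrets"  # from the log
OTHER = "org.example.Settings"  # constructed placeholder interface
ORDER = ["default", "group", "user", "at_console_true", "at_console_false", "mandatory"]

@dataclass(frozen=True)
class Conn:
    user: str
    groups: tuple = ()
    at_console: bool = False

def applies(kind, selector, conn):
    """Does a policy of this kind/selector apply to the connection?"""
    if kind in ("default", "mandatory"):
        return True
    if kind == "user":
        return selector == conn.user
    if kind == "group":
        return selector in conn.groups
    return conn.at_console == (kind == "at_console_true")

def verdict(policies, conn, interface):
    """policies: list of (kind, selector, [(allow, interface_or_None), ...])."""
    allowed = False  # model default: nothing is allowed until a rule says so
    for kind in ORDER:
        for p_kind, selector, rules in policies:
            if p_kind != kind or not applies(kind, selector, conn):
                continue
            for allow, iface in rules:
                if iface is None or iface == interface:
                    allowed = allow  # later matches override earlier ones
    return allowed

# Constructed layout A: the deny rule lives in the at_console="true" policy.
DENY_IN_CONSOLE = [
    ("user", "root", [(True, None)]),
    ("at_console_true", None, [(True, None), (False, SECRETS)]),
]
# Constructed layout B (the comment's proposal): deny in context="default",
# allow for root, and at_console="true" only opens one other interface.
DENY_IN_DEFAULT = [
    ("default", None, [(False, SECRETS)]),
    ("user", "root", [(True, SECRETS)]),
    ("at_console_true", None, [(True, OTHER)]),
]
root_console = Conn("root", at_console=True)
user_console = Conn("alice", at_console=True)  # constructed user name
if __name__ == "__main__":
    for name, layout in (("A", DENY_IN_CONSOLE), ("B", DENY_IN_DEFAULT)):
        print(name, "root@console:", verdict(layout, root_console, SECRETS),
              "user@console:", verdict(layout, user_console, SECRETS))
```

In layout A the at_console="true" deny is applied after the user="root" allow, so root loses access as soon as it counts as being at the console; in layout B the console policy never touches the secrets interface.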
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c43
Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c44
--- Comment #44 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c45
--- Comment #45 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c46
--- Comment #46 from Georg Müller
From a logical point of view, at_console=true should only extend privileges and not restrict them. So, deny rules in at_console=true sections do not make sense to me. They should be done at the lowest level (context=default).
Regarding nm at root login - could it be possible that NM uses NetworkManagerSystemSettings instead of NetworkManagerUserSettings if you log in as root?
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c47
--- Comment #47 from Helmut Schaa
I see no connection to the kpowersave problem, because there is no special configuration file for kpowersave (or can you please point me to that).
Uh, yeah, I guess you're right. That's unrelated.
Regarding nm at root login - could it be possible that NM uses NetworkManagerSystemSettings instead of NetworkManagerUserSettings if you log in as root?
No, the frontend should still use NetworkManagerUserSettings. AFAIK NetworkManagerSystemSettings is only used by nm-system-settings.
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c48
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c49
--- Comment #49 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c50
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c51
--- Comment #51 from Helmut Schaa
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c52
--- Comment #52 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User Larry.Finger@lwfinger.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c53
--- Comment #53 from Larry Finger
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c54
--- Comment #54 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c55
Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c56
--- Comment #56 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c57
--- Comment #57 from Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c58
--- Comment #58 from Helmut Schaa
it's probably harder to maintain to list all allowed interfaces, just to disallow one.
I'd argue that it is more secure to just open single interfaces instead of opening all interfaces and deny only a specific one.
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c59
--- Comment #59 from Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User wstephenson@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c60
--- Comment #60 from Will Stephenson
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c61
--- Comment #61 from Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User georgmueller@gmx.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c62
--- Comment #62 from Georg Müller
https://bugzilla.novell.com/show_bug.cgi?id=486267
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c63
--- Comment #63 from Helmut Schaa
I don't see Helmut saying it does not work.
That was on IRC.
https://bugzilla.novell.com/show_bug.cgi?id=486267
User tambet@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c64
--- Comment #64 from Tambet Ingo
https://bugzilla.novell.com/show_bug.cgi?id=486267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=486267#c65
Ludwig Nussel
Ludwig, could you add a 'rm -rf /var/run/dbus/at_console/*' to one of the startup scripts (either CK or dbus I guess) to make sure there's no stale directories there? The problem with these is that whoever is logged in during a system freeze or hard reset, these users would always be considered as at_console="true" by DBus. Technically, that would solve this bug as well, so do we want to proceed with NM applet .conf file changes as well? Do we want to move the new configuration to NetworkManager package now for released distros? In that case we need to sync the updates of NetworkManager and all the applets to all distros...
Hmm, indeed. While the config isn't quite correct not considering at_console for root and deleting the files at boot is sufficient to fix the problem. So we could get away with only updating one package, dbus. The problem with at_console only hits 11.1+. So let's do it that way. We still need to update NetworkManager itself to also fix the PPP problem. Reassigning to Timo for the dbus update on 11.1 (who is on vacation so I guess I have to do it).