[Pkg-utopia-maintainers] Bug#426462: network-manager: Add support for at_console dbus access check

Petter Reinholdtsen pere at hungry.com
Mon May 28 22:12:03 UTC 2007


Package:  network-manager
Version:  0.6.4-8
Severity: important
Tags:     patch

In a large installation, it does not scale to add all users to the
groups granting access to local devices on each machine.  In such
configurations it is better to assign that access dynamically at
login, using the pam_group and pam_foreground pam modules.

In Debian Edu, we use pam_group and pam_foreground to grant access to
single desktop machines (what we call the standalone profile), to make
sure all users are treated the same way even if they are added later
on using adduser or added to the LDAP database.  I would recommend
that Debian change its default to also use pam_group and pam_foreground
to grant access to local devices.

In such a setting, network-manager does not work properly, as it does
not grant access to console users but only to members of the netdev
group.

Here is a patch to fix it, by granting access to both members of the
netdev group, and the users logged into the console.  It modifies the
patches 02-dbus_access_network_manager and 03-dbus_access_nm_applet to
add a block for the netdev group instead of modifying the setting for
the at_console group.

diff -u network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
--- network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
+++ network-manager-0.6.4/debian/patches/03-dbus_access_nm_applet.patch
@@ -1,11 +1,15 @@
---- gnome/applet/nm-applet.conf.orig	2006-02-07 04:22:39.000000000 +0100
-+++ gnome/applet/nm-applet.conf	2006-02-07 04:23:00.000000000 +0100
-@@ -8,7 +8,7 @@
+--- gnome/applet/nm-applet.conf.orig	2007-05-28 23:58:46.000000000 +0200
++++ gnome/applet/nm-applet.conf	2007-05-28 23:59:21.000000000 +0200
+@@ -14,6 +14,12 @@
  		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
                  <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
  	</policy>
--	<policy at_console="true">
 +	<policy group="netdev">
- 		<allow own="org.freedesktop.NetworkManagerInfo"/>
++		<allow own="org.freedesktop.NetworkManagerInfo"/>
++
++		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
++                <allow send_interface="org.freedesktop.NetworkManagerInfo"/>
++	</policy>
+ 	<policy context="default">
+ 		<deny own="org.freedesktop.NetworkManagerInfo"/>
  
- 		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
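Review bot: The added `<policy group="netdev">` block in nm-applet.conf includes `<allow own="org.freedesktop.NetworkManagerInfo"/>`, so every member of netdev may claim that bus name whether or not they are at the console. The previous version of this patch already gave the group the same grant, so it is carried over rather than new, but now that the at_console policy is no longer rewritten and stands as a separate block, an XML comment above the netdev block stating that the group grant is intentional would help anyone auditing the policy. Minor: the added `<allow send_interface=...>` line is indented with spaces while the neighbouring added lines use tabs.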
diff -u network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
--- network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
+++ network-manager-0.6.4/debian/patches/02-dbus_access_network_manager.patch
@@ -1,15 +1,17 @@
---- src/NetworkManager.conf.orig	2006-06-14 02:47:10.000000000 +0200
-+++ src/NetworkManager.conf	2006-06-14 02:48:31.000000000 +0200
-@@ -8,7 +8,11 @@
+--- src/NetworkManager.conf.orig	2007-05-28 23:57:20.000000000 +0200
++++ src/NetworkManager.conf	2007-05-29 00:00:50.000000000 +0200
+@@ -12,6 +12,14 @@
                  <allow send_destination="org.freedesktop.NetworkManager"/>
                  <allow send_interface="org.freedesktop.NetworkManager"/>
          </policy>
--        <policy at_console="true">
 +        <policy user="haldaemon">
 +                <allow send_destination="org.freedesktop.NetworkManager"/>
 +                <allow send_interface="org.freedesktop.NetworkManager"/>
 +        </policy>
 +        <policy group="netdev">
-                 <allow send_destination="org.freedesktop.NetworkManager"/>
-                 <allow send_interface="org.freedesktop.NetworkManager"/>
-         </policy>
++                <allow send_destination="org.freedesktop.NetworkManager"/>
++                <allow send_interface="org.freedesktop.NetworkManager"/>
++        </policy>
+         <policy context="default">
+                 <deny own="org.freedesktop.NetworkManager"/>
+                 <deny send_destination="org.freedesktop.NetworkManager"/>
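Review bot: The `group="netdev"` block added to NetworkManager.conf repeats the two `<allow>` rules of the `user="haldaemon"` block directly above it, and neither block says why that principal needs send access. A one-line XML comment per block (haldaemon, the static netdev group, with console users covered by the at_console policy this patch no longer touches) would make the resulting policy easier to audit. The diff also changes only the two files under debian/patches, so a debian/changelog entry referencing this bug still needs to be added.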



