GNU bug report logs - #78047
WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon


Package: guix;

Reported by: Rodion Goritskov <rodion <at> goritskov.com>

Date: Thu, 24 Apr 2025 19:05:02 UTC

Severity: important


From: Danny Milosavljevic <dannym <at> friendly-machines.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: guix-devel <at> gnu.org, 78047 <at> debbugs.gnu.org, Rodion Goritskov <rodion <at> goritskov.com>
Subject: bug#78047: WiFi stops working if managed with NetworkManager after migration to unprivileged guix daemon
Date: Fri, 06 Jun 2025 22:38:56 +0200

Hi Ludo,

I see, so the use case in question here would be to have NetworkManager run as root (like always; and probably necessary for the operations it does) but refer to plugins that were built by rootless guix-daemon (presumably real user account; or service user)?  Then having geteuid() == st_uid indeed wouldn't help.

As for your patch, as long as it's not possible for the user to cause the environment variable NM_VPN_PLUGIN_DIR (or similar environment variable) to be changed for a root NetworkManager process, your change should be fine.  And in the Guix case it's not possible to mutate the contents in the store (for example the contents of the directory that NM_VPN_PLUGIN_DIR points to).

Your change LGTM!

P.S. I also found an extra spot in man/NetworkManager.xml:

<para>
      NetworkManager will execute scripts in the
      /etc/NetworkManager/dispatcher.d directory or subdirectories in
      alphabetical order in response to network events.  Each script should
      be a regular executable file owned by root.  Furthermore, it must not be
      writable by group or other, and not setuid.
</para>

Our dnssec-trigger seems to refer to that as well.
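
The following is an added example, not part of the message above and not NetworkManager's or Guix's code: it applies the rule quoted from the man page (regular file, owned by root, not writable by group or other, not setuid) to file metadata, and shows why comparing the owner with the daemon's effective UID gives the same refusal when the daemon runs as root. The function and verdict names, the UID 990 and the file modes are assumptions constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Verdict names are hypothetical, chosen for this example. */
enum verdict { V_OK, V_NOT_REGULAR, V_WRONG_OWNER, V_GROUP_OTHER_WRITABLE, V_SETUID };

/* The rule quoted from the man page, applied to file metadata:
 * regular file, owned by trusted_uid, not writable by group or other,
 * not setuid.  trusted_uid = 0 is the documented "owned by root" form;
 * passing the daemon's effective UID gives the geteuid() == st_uid form. */
enum verdict check_script(const struct stat *st, uid_t trusted_uid)
{
    if (!S_ISREG(st->st_mode))
        return V_NOT_REGULAR;
    if (st->st_uid != trusted_uid)
        return V_WRONG_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return V_GROUP_OTHER_WRITABLE;
    if (st->st_mode & S_ISUID)
        return V_SETUID;
    return V_OK;
}

/* Build constructed metadata so the example needs no files or privileges. */
struct stat sample_stat(mode_t mode, uid_t owner)
{
    struct stat st = {0};
    st.st_mode = mode;
    st.st_uid = owner;
    return st;
}

int main(void)
{
    const uid_t root = 0, builder = 990;   /* 990: constructed service UID */
    /* Assumed store item from a non-root daemon: read-only, owned by builder. */
    struct stat store_item = sample_stat(S_IFREG | 0555, builder);
    struct stat root_script = sample_stat(S_IFREG | 0755, root);
    struct stat loose = sample_stat(S_IFREG | 0775, root);

    printf("store item, owner must be root:    %d\n", check_script(&store_item, root));
    /* A root daemon has euid 0, so the euid comparison is the same test. */
    printf("store item, owner must equal euid: %d\n", check_script(&store_item, root));
    printf("root-owned 0755 script:            %d\n", check_script(&root_script, root));
    printf("root-owned 0775 script:            %d\n", check_script(&loose, root));
    return 0;
}
```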




This bug report was last modified 13 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.