Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. [PATCH v2 5/5] man: Document DAC privilege configuration in
VPN configuration file (Jussi Laakkonen)
2. Re: Why can't connman automatically enable and connect to
cellular network interface? (JH)
----------------------------------------------------------------------
Message: 1
Date: Thu, 2 May 2019 13:51:20 +0300
From: Jussi Laakkonen <[email protected]>
To: [email protected]
Subject: [PATCH v2 5/5] man: Document DAC privilege configuration in
VPN configuration file
Message-ID: <[email protected]>
Added documentation of the DAC privilege configuration to manual pages.
Detailed both connman-vpn.conf and VPN plugin specific configuration.
---
doc/connman-vpn.conf.5.in | 33 +++++++++++++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/doc/connman-vpn.conf.5.in b/doc/connman-vpn.conf.5.in
index 20d30fcc..f27205b8 100644
--- a/doc/connman-vpn.conf.5.in
+++ b/doc/connman-vpn.conf.5.in
@@ -14,6 +14,15 @@ is a configuration file for ConnMan-VPN. The configuration
file is
optional but it can be used to set up various aspects of ConnMan-VPN's
behavior. The location of the file may be changed through use of
the \fB\-\-config= \fRargument for \fBconnman-vpn\fP(8).
+.P
+DAC privileges (user, group and supplementary groups) of a VPN binary ran by
\fBconnman-vpn\fP(8) can be controlled by this configuration. Configuration in
+.B connman-vpn.conf
+is for all VPN types and can be overridden by defining separate configs into
+.B @sysconfdir@/connman/vpn-plugin/
+using the plugin name + .conf suffix using the same syntax. For example, for
OpenVPN the path to config is
+.B @sysconfdir@/connman/vpn-plugin/openvpn.conf
+which will override any value in the main configuration.
+
.SH "FILE FORMAT"
.P
The configuration file consists of sections (groups) of key-value pairs.
@@ -30,12 +39,32 @@ This section is the only mandatory section of the
configuration file.
Set input request timeout. Default is 300 seconds. The request for inputs
like passphrase will timeout after certain amount of time. Use this setting
to increase the value in case of different user interface designs.
-.SH "EXAMPLE"
-The following example configuration sets InputRequestTimeout to 10 minutes.
+.SS [DACPrivileges]
+This section controls the DAC privileges to use for a VPN binary used by a VPN
+plugin. DAC privileges that can be set are user, group and supplementary
groups.
+.TP
+.BI User= username/uid
+User on the system to use for running VPN binary. Username or uid can be used.
+.TP
+.BI Group= groupname/gid
+The main group to use for running VPN binary. Group name or gid can be used.
+.TP
+.BI SupplementaryGroups= groupnames/gids
+Comma separated list of supplementary groups to set for the VPN binary. Groups
+can be defined with their names or gid's.
+.SH "EXAMPLES"
+The following example configuration sets InputRequestTimeout to 10 minutes,
+runs VPNs as user "vpn_user" of group "vpn" with additional supplementary
+groups "inet" and "net_admin".
.PP
.nf
[General]
InputRequestTimeout = 600
+
+[DACPrivileges]
+User = vpn_user
+Group = vpn
+SupplementaryGroups = inet, net_admin
.fi
.SH "SEE ALSO"
.BR connman (8), \ connman-vpn (8)
--
2.20.1
------------------------------
Message: 2
Date: Thu, 2 May 2019 21:37:12 +1000
From: JH <[email protected]>
To: Daniel Wagner <[email protected]>
Cc: [email protected]
Subject: Re: Why can't connman automatically enable and connect to
cellular network interface?
Message-ID:
<CAA=hcWSY6yQJRtZH9Cv5aySSHyQxg2tmVU61yBd=wjam6qk...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Thank you very much Daniel, that did the trick.
Kind regards,
- jupiter
On 5/2/19, Daniel Wagner <[email protected]> wrote:
> Hi JH,
>
> On Thu, May 02, 2019 at 03:29:57PM +1000, JH wrote:
>> Both wifi.config and cellular.config are able to be added by connman,
>> but I have to run command line manually "connmanctl enable cellular"
>> and "connmanctl enable wifi" to bring both online. Are there any
>> key-value in config file for automatically enable\ing the interfaces
>> without calling "connmanctl enable cellular / wifi" manually? I
>> checked the config-format.txt, but could not find anything.
>
> The default settings for the technology enabled/disabled is in the
> /var/lib/connman/settings file. Try to deploy something like
> below. Note ConnMan should not run when you add or edit the file.
>
> # cat /var/lib/connman/settings
> [global]
> OfflineMode=false
>
> [Wired]
> Enable=true
> Tethering=false
>
> [WiFi]
> Enable=true
>
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 43, Issue 5
**************************************
