Hello,
Ludovic Courtès <l...@gnu.org> writes:
>>> 2025-04-24 10:34:15 localhost NetworkManager[852]: <warn>
>>> [1745483655.8537] plugin: skip invalid file
>>> /gnu/store/agadky1p0ba367avf524sh5wmcdxcxb1-network-manager-1.52.0/lib/NetworkManager/1.52.0/libnm-device-plugin-wwan.so:
>>> file has invalid owner (should be root)
>>
>> Looks like NetworkManager doesn't like a non-root owner of plugins.
>
> I think we’ll have to add an activation snippet in the ‘network-manager’
> service that copies those files elsewhere with appropriate ownership.
>
> Or we could patch NetworkManager. (Maybe wiser.)
Looking into it, I think this root-ownership check buys us very little:
it worked “by chance”, but since anyone can indirectly write into the
store (with root ownership), it’s pointless.
What matters is that network-manager is configured by root on Guix
System, and that it is passed its configuration in the store
(unambiguous).
So I’m tempted to just remove the check, but I’d rather have more
eyeballs on this:
diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 895a991..738f8c7 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
return FALSE;
}
- if (st->st_uid != 0) {
- g_set_error_literal(error,
- NM_UTILS_ERROR,
- NM_UTILS_ERROR_UNKNOWN,
- "file has invalid owner (should be root)");
- return FALSE;
- }
-
if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
g_set_error_literal(error,
NM_UTILS_ERROR,
Ludo’.
