diff options
| author | Michael Vogt <michael.vogt@gmail.com> | 2017-08-29 11:25:01 +0200 |
|---|---|---|
| committer | Michael Vogt <mvo@ubuntu.com> | 2017-08-29 15:53:52 +0200 |
| commit | fac3534353e5176ab91f38f82855db59b2b6f3fd (patch) | |
| tree | dc2915b598624b80dc70df91da387ad36c214899 | |
| parent | 94784f1cfb5a5945b498a356b4a3ed036701b231 (diff) | |
interfaces: fix network-manager plug (#3818)
Add networkManagerPermanentPlugSecComp that adds socket AF_NETLINK - KOBJECT_UEVENT to unbreak nmcli
| -rw-r--r-- | interfaces/builtin/network_manager.go | 10 | ||||
| -rw-r--r-- | tests/main/install-store/task.yaml | 4 |
2 files changed, 14 insertions, 0 deletions
diff --git a/interfaces/builtin/network_manager.go b/interfaces/builtin/network_manager.go index 8304491415..c86096966d 100644 --- a/interfaces/builtin/network_manager.go +++ b/interfaces/builtin/network_manager.go @@ -250,6 +250,11 @@ dbus (receive, send) peer=(label=###SLOT_SECURITY_TAGS###), ` +const networkManagerConnectedPlugSecComp = ` +# Description: This is needed to talk to the network-manager service +socket AF_NETLINK - NETLINK_KOBJECT_UEVENT +` + const networkManagerPermanentSlotSecComp = ` # Description: Allow operating as the NetworkManager service. This gives # privileged access to the system. @@ -467,6 +472,11 @@ func (iface *networkManagerInterface) SanitizeSlot(slot *interfaces.Slot) error return nil } +func (iface *networkManagerInterface) SecCompConnectedPlug(spec *seccomp.Specification, plug *interfaces.Plug, plugAttrs map[string]interface{}, slot *interfaces.Slot, slotAttrs map[string]interface{}) error { + spec.AddSnippet(networkManagerConnectedPlugSecComp) + return nil +} + func (iface *networkManagerInterface) AutoConnect(*interfaces.Plug, *interfaces.Slot) bool { // allow what declarations allowed return true diff --git a/tests/main/install-store/task.yaml b/tests/main/install-store/task.yaml index 2cbe65c42a..7c89d1c63c 100644 --- a/tests/main/install-store/task.yaml +++ b/tests/main/install-store/task.yaml @@ -36,3 +36,7 @@ execute: | expected="(?s)$DEVMODE_SNAP .*" actual=$(snap install --channel beta --devmode $DEVMODE_SNAP) echo "$actual" | grep -Pzq "$expected" + + echo "Install network-manager and do basic smoke test" + snap install network-manager + network-manager.nmcli d show |