Re: Accessing NetworkManager from a daemon

From: Stuart Longland <stuartl vrt com au>
To: Dan Williams <dcbw redhat com>
Cc: "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Accessing NetworkManager from a daemon
Date: Fri, 29 Aug 2014 18:20:49 +1000

On 29/08/14 01:34, Dan Williams wrote:

Polkit is about access control though, and if you don't care about that,
you can tell Polkit to allow all your accesses.  But the problem you're
having is that you don't even get that far, because NM is checking if
you have a session first.  Can you check if you have ConsoleKit or
systemd session tracking enabled?  If you get a hit for this, you have
systemd enabled


Indeed, I run your command and get:

stuartl sjl-lxc-debian:~$ ldd /usr/sbin/NetworkManager | grep systemd-login
        libsystemd-login.so.0 => /lib/i386-linux-gnu/libsystemd-login.so.0 (0xf7387000)


so Debian do distribute NetworkManager with systemd session tracking
enabled.  This is just the stock Debian binary: from the 'sid'
distribution (because the one in 'wheezy' refuses to look at my LXC
container's Ethernet devices).

If I can sort out the session issue, then it's feasible that in our
application, we install a suitable policy file that tells Polkit to
allow www-data to access NetworkManager.  There's examples of doing this
for the netdev group, so it's conceivable to do the same thing for
www-data as well.

Polkit documentation mentions the existence of a text agent, for the
purpose of running such operations via SSH.  Not sure if it's possible
to wrap a mod_wsgi process inside one of these however, so I'm looking
to see if I can make use of PolkitAgentTextListener.

I have asked about it here:
http://lists.freedesktop.org/archives/polkit-devel/2014-August/000407.html

I'll admit I'm still very green with regards to Polkit, ConsoleKit and
all these other things.  As I understand it, I basically have to write
my own "agent" for the web user, which means this has become more of a
Polkit question than a NetworkManager one.  At least now I know where to
start asking further questions.

Regards,
-- 
Stuart Longland
Systems Engineer
     _ ___
\  /|_) |                           T: +61 7 3535 9619
 \/ | \ |     38b Douglas Street    F: +61 7 3535 9699
   SYSTEMS    Milton QLD 4064       http://www.vrt.com.au

Follow-Ups:
- Re: Accessing NetworkManager from a daemon
  - From: Stuart Longland

References:
- Re: Accessing NetworkManager from a daemon
  - From: Stuart Longland
- Re: Accessing NetworkManager from a daemon
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]