On Mon, 21 Mar 2016 01:32:01 -0500 Robby Workman <robby rlworkman net> wrote:
1. /var/run/NetworkManager/ is created with mode 0700, which is a problem because non-root clients are unable to read the resolv.conf inside it. On this system, /var/run is a bind mount to /run, which is mode 0755 itself, so I don't think this problem is a result of any local configuration.
Well, this is only a problem immediately after package installation.
The installation process installs a /var/run/NetworkManger/ directory
with mode 0700, but if one is not present already, src/nm-main-utils.c
creates it with mode 0755.
In src/Makefile.am, there's this line:
$(mkinstalldirs) -m 0700 $(DESTDIR)$(rundir)
and rundir is defined as:
rundir=$(runstatedir)/NetworkManager
and runstatedir is defined as $localstatedir/run in configure.ac,
so essentially it's happening in src/Makefile.am
Given that src/nm-main-utils.c creates NMRUNDIR if it doesn't
already exist, it seems the best option is to kill that invocation
of $(mkinstalldirs) in src/Makefile.am or modify it to use 0755
instead of 0700. Patch attached to do the latter, but of course,
handle as you guys deem best.
-RW
Attachment:
0001-src-Makefile.am-Create-rundir-mode-0755-instead-of-0.patch
Description: Text Data
Attachment:
pgpd7ttxRsbyx.pgp
Description: OpenPGP digital signature