View previous topic :: View next topic |
Author |
Message |
BurningMemory n00b
Joined: 17 Jan 2023 Posts: 33
|
Posted: Tue Apr 16, 2024 3:59 am Post subject: [SOLVED] nm-applet not authorized |
|
|
Hello there.
Here's an example of the message networkmanager sends:
Code: | localhost NetworkManager[5739]: <info> [1713857929.6031] audit: op="device-disconnect" interface="enp10s0" ifindex=2 pid=11239 uid=1000 result="fail" reason="org.freedesktop.NetworkManager.network-control request failed: not authorized" |
I've already tried two policies for polkit, as I still suspect the problem is related to it:
Code: | polkit.addRule(function(action, subject) {
var YES = polkit.Result.YES;
var permission = {
"org.freedesktop.NetworkManager.wifi.scan": YES,
"org.freedesktop.NetworkManager.sleep-wake": YES,
"org.freedesktop.NetworkManager.settings.modify.own": YES,
"org.freedesktop.NetworkManager.settings.modify.hostname": YES,
"org.freedesktop.NetworkManager.network-control": YES,
"org.freedesktop.NetworkManager.enable-disable-wifi": YES,
"org.freedesktop.NetworkManager.enable-disable-network": YES,
"org.freedesktop.NetworkManager.enable-disable-connectivity-check": YES,
};
if (subject.isInGroup("wheel")) {
return permission[action.id];
}
}); | and
Code: | polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("plugdev")) {
return polkit.Result.YES;
}
}); | Yes, my user is indeed in the plugdev group. Both policies didn't solve the problem, so maybe
it's not related to polkit at all, although I do not see any more issues in any log file or dmesg even.
SELinux was in permissive mode when the tests were performed. Also, nmtui does not work too.
Last edited by BurningMemory on Sat May 04, 2024 3:13 am; edited 1 time in total |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3882
|
Posted: Tue Apr 16, 2024 3:02 pm Post subject: |
|
|
The problem is not NM.The problem is nm-applet that should run with elevated permissions.
Try adding your user to "wheel" group because of
Code: |
cat /etc/polkit-1/rules.d/55-allowing-all-actions.rules
polkit.addRule (function (action, subject)
{
if (subject.isInGroup ("wheel"))
{
return polkit.Result.YES;
}
});
|
Or run nm-applet with sudo or as root.
Same goes with nmtui and nmcli also. _________________
|
|
Back to top |
|
|
BurningMemory n00b
Joined: 17 Jan 2023 Posts: 33
|
Posted: Wed Apr 17, 2024 4:11 am Post subject: |
|
|
alamahant wrote: | The problem is not NM.The problem is nm-applet that should run with elevated permissions.
Try adding your user to "wheel" group because |
Thanks for the suggestions, though my user is already in the wheel group.
Also, I don't think running with elevated privs directly is a good idea. |
|
Back to top |
|
|
BurningMemory n00b
Joined: 17 Jan 2023 Posts: 33
|
Posted: Sat May 04, 2024 3:12 am Post subject: |
|
|
Found out what the problem was. I had /proc mounted with the hidepid=2 fs option.
For some reason the system bus could not read /proc/{pid}/status directory when
trying to authorize usage. What a surprise, the problem turned out to be not with
polkit at all. Wonder if I should file a bug about this, because this is a security
measure after all. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|