Fixes a crash where the default DNS domain to be announced together with the
prefixes to be delegated is updated at the same time the device is being
unrealized.
https://bugzilla.redhat.com/show_bug.cgi?id=1425818
NMDeviceGeneric:check_connection_compatible() doesn't check for a
matching interface name. It relies on the parent implementation to
do that.
The parent implementation calls nm_manager_get_connection_iface().
That fails for NM_SETTING_GENERIC_SETTING_NAME, because that one has
no factory. Maybe this imbalance of having no factory for the Generic device
is wrong, but usually factories only match a distinct set of device
types, while the generic factory would handle them all (as last resort).
Without this, activating a generic connection might activate the
wrong interface.
(cherry picked from commit 3876b10a47)
NMDeviceGeneric:check_connection_compatible() doesn't check for a
matching interface name. It relies on the parent implementation to
do that.
The parent implementation calls nm_manager_get_connection_iface().
That fails for NM_SETTING_GENERIC_SETTING_NAME, because that one has
no factory. Maybe this imbalance of having no factory for the Generic device
is wrong, but usually factories only match a distinct set of device
types, while the generic factory would handle them all (as last resort).
Without this, activating a generic connection might activate the
wrong interface.
We have unit tests for writing and re-reading ifcfg file. Those
tests compare whether a file can be successfully read and is
semantically identical.
However, there were no tests that a certain output is written in
a stable format. We aim not to change the output of what we write.
For that, add tests to not only check the semantic of the written
ifcfg file, but their bits and bytes.
Some future changes may well intentionally change the current
output. That will require to update the expected result files
and can be done via
NMTST_IFCFG_RH_UPDATE_EXPECTED=yes src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh
Note that alias, route, and key files are not checked.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1445414
(cherry picked from commit f04bf45e84)
We have unit tests for writing and re-reading ifcfg file. Those
tests compare whether a file can be successfully read and is
semantically identical.
However, there were no tests that a certain output is written in
a stable format. We aim not to change the output of what we write.
For that, add tests to not only check the semantic of the written
ifcfg file, but their bits and bytes.
Some future changes may well intentionally change the current
output. That will require to update the expected result files
and can be done via
NMTST_IFCFG_RH_UPDATE_EXPECTED=yes src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh
Note that alias, route, and key files are not checked.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1445414
Before refactoring nmcli recently, field names were marked for translation.
Note that for the property names, marking them had no effect as only
plain strings can be marked with N_().
Note how --fields are also an input argument. The input should be
independent of the locale and not translated. Likewise, when printing
the header names, they should not be translated to match the --fields
option.
$ LANG=de_DE.utf8 nmcli --fields GENERAL.DEVICE device show enp0s25
GENERAL.GERÄT: enp0s25
Drop the translation marks.
As NMDevice now creates the NMPacrunnerManager instance
as needed, it is even more likely that the initial call
to nm_pacrunner_manager_send() will only queue (but not yet
send) the new config.
Later, when the D-Bus proxy is created, we will not get a
name-owner changed signal. We instead have to push the configuration
right away.
(cherry picked from commit 019b9fbfc0)
nm_pacrunner_manager_remove() required a "tag" argument. It was a
bug for callers trying to remove a configuration for a non-existing
tag.
That effectively means, the caller must keep track of whether a certain
"tag" is pending. The caller also must remember the tag -- a tag that he
must choose uniquely in the first place.
Turn that around and have nm_pacrunner_manager_send() return a (non
NULL) call-id. This call-id may later be used to remove the
configuration.
Apparently, previously the tracking of the "tag" was not always correct
and we hit the assertion in nm_pacrunner_manager_remove().
https://bugzilla.redhat.com/show_bug.cgi?id=1444374
(cherry picked from commit b04a9c90eb)
As NMDevice now creates the NMPacrunnerManager instance
as needed, it is even more likely that the initial call
to nm_pacrunner_manager_send() will only queue (but not yet
send) the new config.
Later, when the D-Bus proxy is created, we will not get a
name-owner changed signal. We instead have to push the configuration
right away.
nm_pacrunner_manager_remove() required a "tag" argument. It was a
bug for callers trying to remove a configuration for a non-existing
tag.
That effectively means, the caller must keep track of whether a certain
"tag" is pending. The caller also must remember the tag -- a tag that he
must choose uniquely in the first place.
Turn that around and have nm_pacrunner_manager_send() return a (non
NULL) call-id. This call-id may later be used to remove the
configuration.
Apparently, previously the tracking of the "tag" was not always correct
and we hit the assertion in nm_pacrunner_manager_remove().
https://bugzilla.redhat.com/show_bug.cgi?id=1444374
Usually, this "<allow send_destination="..."/>" part is shipped
by firewalld's D-Bus policy. However, if firewalld is initially
not installed with NetworkManager already running, dbus-daemon
seems to cache the missing permission for the D-Bus connection.
As a result, when installing and starting firewalld, NetworkManager
requests fail until restart:
firewall: [0x7f4b83643890,change:"eth1"]: complete: request failed (Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=715 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.fedoraproject.FirewallD1.zone" member="changeZone" error name="(unset)" requested_reply="0" destination=":1.25" (uid=0 pid=1243 comm="/usr/bin/python -Es /usr/sbin/firewalld --nofork -"))
https://bugzilla.redhat.com/show_bug.cgi?id=1436770
(cherry picked from commit cc1d409ba8)
We want to ignore certain errors from firewalld. In the past,
the error message contained only the error code.
Since recently ([1], [2]), the error message contains a longer text:
NetworkManager[647]: <debug> [1492768494.7475] device[0x7f7f21e78f50] (eth0): Activation: setting firewall zone 'default'
NetworkManager[647]: <debug> [1492768494.7475] firewall: [0x7f7f21ed8900,change:"eth0"]: firewall zone change eth0:default
...
firewalld[2342]: ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
NetworkManager[647]: <warn> [1492768494.7832] firewall: [0x7f7f0400c780,remove:"eth0"]: complete: request failed (UNKNOWN_INTERFACE: 'eth0' is not in any zone)
[1] c77156d7f6
[2] 7c6ab456c5
(cherry picked from commit 2ad8bb0ce3)
We now initialize the NMFirewallManager asynchronously. That means, at
first firewalld appears as "not running", for which we usually would
fake-success right away.
It would be complex for callers to wait for firewall-manager to be
ready. So instead, have the asynchronous requests be queued and
complete them once the D-Bus proxy is initialized.
(cherry picked from commit fb7815df6e)
Next we will get another mode, so an is-idle doesn't cut it.
It can be confusing where the mode is set and where it is only
accessed read-only. For that, add mode_mutable.
(cherry picked from commit 04f4e327a9)
Creating it asynchronously changes that on the first call to
nm_firewall_manager_get() the instance is not yet running.
Note that NMPolicy already connects to the "STARTED" signal and
reapplies the zones when firewalld appears. So, this delayed
change of the running state is handled mostly fine already.
One part is still missing, it's to queue add_or_change/remove calls
while the firewall manager is initializing. That follows next.
(cherry picked from commit 753f39fa82)
Usually, this "<allow send_destination="..."/>" part is shipped
by firewalld's D-Bus policy. However, if firewalld is initially
not installed with NetworkManager already running, dbus-daemon
seems to cache the missing permission for the D-Bus connection.
As a result, when installing and starting firewalld, NetworkManager
requests fail until restart:
firewall: [0x7f4b83643890,change:"eth1"]: complete: request failed (Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=715 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.fedoraproject.FirewallD1.zone" member="changeZone" error name="(unset)" requested_reply="0" destination=":1.25" (uid=0 pid=1243 comm="/usr/bin/python -Es /usr/sbin/firewalld --nofork -"))
https://bugzilla.redhat.com/show_bug.cgi?id=1436770
We want to ignore certain errors from firewalld. In the past,
the error message contained only the error code.
Since recently ([1], [2]), the error message contains a longer text:
NetworkManager[647]: <debug> [1492768494.7475] device[0x7f7f21e78f50] (eth0): Activation: setting firewall zone 'default'
NetworkManager[647]: <debug> [1492768494.7475] firewall: [0x7f7f21ed8900,change:"eth0"]: firewall zone change eth0:default
...
firewalld[2342]: ERROR: UNKNOWN_INTERFACE: 'eth0' is not in any zone
NetworkManager[647]: <warn> [1492768494.7832] firewall: [0x7f7f0400c780,remove:"eth0"]: complete: request failed (UNKNOWN_INTERFACE: 'eth0' is not in any zone)
[1] c77156d7f6
[2] 7c6ab456c5
We now initialize the NMFirewallManager asynchronously. That means, at
first firewalld appears as "not running", for which we usually would
fake-success right away.
It would be complex for callers to wait for firewall-manager to be
ready. So instead, have the asynchronous requests be queued and
complete them once the D-Bus proxy is initialized.
Next we will get another mode, so an is-idle doesn't cut it.
It can be confusing where the mode is set and where it is only
accessed read-only. For that, add mode_mutable.
Creating it asynchronously changes that on the first call to
nm_firewall_manager_get() the instance is not yet running.
Note that NMPolicy already connects to the "STARTED" signal and
reapplies the zones when firewalld appears. So, this delayed
change of the running state is handled mostly fine already.
One part is still missing, it's to queue add_or_change/remove calls
while the firewall manager is initializing. That follows next.
Cherry-picked commit from master which used the new
nmc->nmc_config member not available in nm-1-8.
We should use the nmc->show_secret member here.
Fixes: d4c8a3fbf2
