NetworkManager/src/nm-helpers
Beniamino Galvani bb0d29a8f1 libnm: add function to copy a certificate or key as user
Add a new public function nm_utils_copy_cert_as_user() to libnm. It
reads a certificate or key file on behalf of the given user and writes
it to a directory in /run/NetworkManager. It is useful for VPN plugins
that run as root and need to verify that the user owning the
connection (the one listed in the connection.permissions property) can
access the file.

(cherry picked from commit 1a52bbe7c9)
(cherry picked from commit 3d85bace3d)
(cherry picked from commit 4587832735)
2025-12-12 13:35:39 +01:00
meson.build libnm: add function to copy a certificate or key as user 2025-12-12 13:35:39 +01:00
nm-daemon-helper.c daemon-helper: add read-file-as-user 2025-12-10 11:26:22 +01:00
nm-libnm-helper.c libnm: add function to copy a certificate or key as user 2025-12-12 13:35:39 +01:00
nm-priv-helper.c helpers: move helper programs to the same directory 2025-12-10 11:26:22 +01:00
nm-priv-helper.conf helpers: move helper programs to the same directory 2025-12-10 11:26:22 +01:00
org.freedesktop.nm_priv_helper.service.in helpers: move helper programs to the same directory 2025-12-10 11:26:22 +01:00
README.md libnm: add function to copy a certificate or key as user 2025-12-12 13:35:39 +01:00

nm-helpers

This directory contains stand-alone helper programs used by various components.

nm-daemon-helper

An internal helper application that is spawned by NetworkManager to perform certain actions which can't be done in the daemon.

Currently it's used to do a reverse DNS lookup after reconfiguring the libc resolver (which is a process-wide operation), and to read files on behalf of unprivileged users (which requires a seteuid, an operation that affects all the threads of the process).

This is not directly useful to the user.
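The read-file-as-user mechanism described above, reduced to its core, as an added example that is not NetworkManager's own code: the privileged caller forks a child, the child drops to the target user (supplementary groups first, then gid, then uid, and verifies the drop took effect) before it opens the file, and the contents come back over a pipe. The function name, the regular-file check and the constructed sample file are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read up to len bytes of path with the credentials of uid/gid. The open happens
 * in a forked child that has dropped to that user, so the caller (possibly root
 * and multi-threaded) never opens the file and keeps its own credentials.
 * Returns bytes read, or -1 on failure (including content that exceeds len). */
ssize_t read_file_as_user(uid_t uid, gid_t gid, const char *path, char *buf, size_t len) {
    int pfd[2], status;
    if (pipe(pfd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    if (pid == 0) {                          /* child: drop privileges, then open */
        close(pfd[0]);
        if (geteuid() == 0 && setgroups(0, NULL) < 0) _exit(1);
        if (setgid(gid) < 0 || setuid(uid) < 0) _exit(1);
        if (getuid() != uid || geteuid() != uid) _exit(1);   /* verify the drop stuck */
        int fd = open(path, O_RDONLY | O_CLOEXEC);
        struct stat st;
        if (fd < 0 || fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) _exit(1); /* no FIFOs/devices */
        char tmp[4096]; ssize_t n;
        while ((n = read(fd, tmp, sizeof tmp)) > 0)
            if (write(pfd[1], tmp, (size_t)n) != n) _exit(1);
        _exit(n < 0 ? 1 : 0);
    }
    close(pfd[1]);                           /* parent: collect bytes, then check exit status */
    size_t got = 0; ssize_t n; char extra;
    while (got < len && (n = read(pfd[0], buf + got, len - got)) > 0) got += (size_t)n;
    int overflow = got == len && read(pfd[0], &extra, 1) > 0;   /* more data than buf holds */
    close(pfd[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return overflow ? -1 : (ssize_t)got;
}

/* Constructed self-check: write a throw-away file and read it back as the
 * current user, the only uid an unprivileged process can switch to. */
int self_check(void) {
    char path[] = "/tmp/read-as-user-XXXXXX", buf[256];
    const char *sample = "sample certificate bytes\n";
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, sample, strlen(sample)) != (ssize_t)strlen(sample)) return 1;
    close(fd);
    ssize_t n = read_file_as_user(getuid(), getgid(), path, buf, sizeof buf);
    int ok = n == (ssize_t)strlen(sample) && memcmp(buf, sample, (size_t)n) == 0 &&
             read_file_as_user(getuid(), getgid(), "/nonexistent/ca.pem", buf, sizeof buf) == -1;
    unlink(path);
    return ok ? 0 : 1;
}
```

Run as root with a different uid/gid the child really changes identity; as an unprivileged user only the caller's own uid is reachable, which is what the self-check exercises.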

nm-libnm-helper

An internal helper application that is spawned by libnm to perform certain actions without impacting the calling process.

This is not directly useful to the user.

nm-priv-helper

This is a D-Bus activatable, exit-on-idle service, which provides an internal API to the NetworkManager daemon.

This has no purpose for the user; it is an implementation detail of the daemon.

The purpose is that nm-priv-helper can execute certain privileged operations which the NetworkManager process is not allowed to perform. We want to sandbox NetworkManager as much as possible, and nm-priv-helper provides a controlled way to perform some very specific operations.

As such, nm-priv-helper should itself be sandboxed so that it can only execute the operations that are necessary for NetworkManager.

nm-priv-helper will reject all D-Bus requests that do not originate from the current name owner of "org.freedesktop.NetworkManager". That is, it is supposed to reply only to the NetworkManager daemon and as such is not useful to the user directly.