# shellcheck shell=bash disable=SC2034 # sourced by run-net-scenarios.sh # Scenario: a profile keyfile with unsafe permissions is set back to 0600 root. # # NetworkManager silently ignores a world-readable keyfile, so the profile # never activates. Break by chmod 0644 on an existing profile's keyfile; the # fix chmods it back to 0600 root. The doctor must run as root to read the # keyfile dir, so this scenario runs the doctor with sudo. Requires at least # one saved profile in the target (NET_SCENARIO_PROFILE names it). SCENARIO_DESC="an unsafe-perms profile keyfile is restored to 0600 root" SCENARIO_GROUP="control-plane" _keyfile() { echo "/etc/NetworkManager/system-connections/${NET_SCENARIO_PROFILE:?set NET_SCENARIO_PROFILE to a saved profile name}.nmconnection" } scenario_break() { nexec "chmod 0644 '$(_keyfile)'" } scenario_diagnose_expect() { ndoctor_json ".report.control_plane.keyfile.perms_ok" | grep -qx false } scenario_fix() { nfix } scenario_assert() { nexec "[ \"\$(stat -c '%a %U' '$(_keyfile)')\" = '600 root' ]" }