aboutsummaryrefslogtreecommitdiff
path: root/scripts/testing/net-scenarios/30-keyfile-perms.sh
blob: 8149f8785c02f959a8f5c5631a8d23f39ce422fe (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# shellcheck shell=bash disable=SC2034  # sourced by run-net-scenarios.sh
# Scenario: a profile keyfile with unsafe permissions is set back to 0600 root.
#
# NetworkManager silently ignores a world-readable keyfile, so the profile
# never activates. Break by chmod 0644 on an existing profile's keyfile; the
# fix chmods it back to 0600 root. The doctor must run as root to read the
# keyfile dir, so this scenario runs the doctor with sudo. Requires at least
# one saved profile in the target (NET_SCENARIO_PROFILE names it).
SCENARIO_DESC="an unsafe-perms profile keyfile is restored to 0600 root"
SCENARIO_GROUP="control-plane"

_keyfile() {
    echo "/etc/NetworkManager/system-connections/${NET_SCENARIO_PROFILE:?set NET_SCENARIO_PROFILE to a saved profile name}.nmconnection"
}

scenario_break() {
    nexec "chmod 0644 '$(_keyfile)'"
}

scenario_diagnose_expect() {
    ndoctor_json ".report.control_plane.keyfile.perms_ok" | grep -qx false
}

scenario_fix() {
    nfix
}

scenario_assert() {
    nexec "[ \"\$(stat -c '%a %U' '$(_keyfile)')\" = '600 root' ]"
}