blob: 8149f8785c02f959a8f5c5631a8d23f39ce422fe (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
# shellcheck shell=bash disable=SC2034 # sourced by run-net-scenarios.sh
# Scenario: a profile keyfile with unsafe permissions is set back to 0600 root.
#
# NetworkManager silently ignores a world-readable keyfile, so the profile
# never activates. Break by chmod 0644 on an existing profile's keyfile; the
# fix chmods it back to 0600 root. The doctor must run as root to read the
# keyfile dir, so this scenario runs the doctor with sudo. Requires at least
# one saved profile in the target (NET_SCENARIO_PROFILE names it).
SCENARIO_DESC="an unsafe-perms profile keyfile is restored to 0600 root"
SCENARIO_GROUP="control-plane"
_keyfile() {
echo "/etc/NetworkManager/system-connections/${NET_SCENARIO_PROFILE:?set NET_SCENARIO_PROFILE to a saved profile name}.nmconnection"
}
scenario_break() {
nexec "chmod 0644 '$(_keyfile)'"
}
scenario_diagnose_expect() {
ndoctor_json ".report.control_plane.keyfile.perms_ok" | grep -qx false
}
scenario_fix() {
nfix
}
scenario_assert() {
nexec "[ \"\$(stat -c '%a %U' '$(_keyfile)')\" = '600 root' ]"
}
|