[NetworkManager-openconnect/el5] Run openconnect as root to work around bad permissions on /dev/net/tun in RHEL5
David Woodhouse
dwmw2 at fedoraproject.org
Fri Jun 22 08:13:35 UTC 2012
commit 84d405c9a2cb09efc0cbd221d16b7fd44f0ffa8f
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Fri Jun 22 09:12:47 2012 +0100
Run openconnect as root to work around bad permissions on /dev/net/tun in RHEL5
NetworkManager-openconnect.spec | 22 ++++++++++++++--------
1 files changed, 14 insertions(+), 8 deletions(-)
---
diff --git a/NetworkManager-openconnect.spec b/NetworkManager-openconnect.spec
index 2a3f898..b46ceec 100644
--- a/NetworkManager-openconnect.spec
+++ b/NetworkManager-openconnect.spec
@@ -9,7 +9,7 @@
Summary: NetworkManager VPN integration for openconnect
Name: NetworkManager-openconnect
Version: 0.8.6.0
-Release: 1%{snapshot}%{?dist}
+Release: 2%{snapshot}%{?dist}
License: GPLv2+
Group: System Environment/Base
URL: http://www.gnome.org/projects/NetworkManager/
@@ -42,8 +42,8 @@ Requires: openconnect >= %{openconnect_version}
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
-Requires(pre): %{_sbindir}/useradd
-Requires(pre): %{_sbindir}/groupadd
+#Requires(pre): %{_sbindir}/useradd
+#Requires(pre): %{_sbindir}/groupadd
%description
@@ -75,11 +75,14 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a
%clean
rm -rf $RPM_BUILD_ROOT
-%pre
-%{_sbindir}/groupadd -r nm-openconnect &>/dev/null || :
-%{_sbindir}/useradd -r -s /sbin/nologin -d / -M \
- -c 'NetworkManager user for OpenConnect' \
- -g nm-openconnect nm-openconnect &>/dev/null || :
+# RHEL5 doesn't have /dev/net/tun world-writeable, although it should.
+# (it does have kernel commit ca6bb5d7 which makes that sane)
+# So don't create the unprivileged user, and openconnect will run as root.
+#%pre
+#%{_sbindir}/groupadd -r nm-openconnect &>/dev/null || :
+#%{_sbindir}/useradd -r -s /sbin/nologin -d / -M \
+# -c 'NetworkManager user for OpenConnect' \
+# -g nm-openconnect nm-openconnect &>/dev/null || :
%post
/sbin/ldconfig
@@ -113,6 +116,9 @@ fi
%{_datadir}/gnome-vpn-properties/openconnect/nm-openconnect-dialog.glade
%changelog
+* Wed Jun 20 2012 David Woodhouse <David.Woodhouse at intel.com> - 0.8.6.0-2
+- Don't create nm-openconnect user; RHEL5 has bad /dev/net/tun permissions
+
* Wed Jun 20 2012 David Woodhouse <David.Woodhouse at intel.com> - 0.8.6.0-1
- Update to 0.8.6.0 and backport for EPEL5
More information about the scm-commits
mailing list