Network Manager will not remove Netplan YAMLs when connections are deleted
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
netplan.io (Ubuntu) | Triaged | Medium | Unassigned |
Mantic | Invalid | Medium | Unassigned |
network-manager (Ubuntu) | Fix Released | Critical | Unassigned |
Mantic | Fix Released | Critical | Unassigned |
Bug Description
[ Impact ]
Desktop users, or any users with YAML files in /usr/lib/netplan, can't delete
Network Manager connections persistently. That means that, when the connection is
deliberately deleted by the user, it will re-appear when the system is rebooted or
netplan apply is executed.
This is happening because the systemd service unit is setting the property "ProtectSystem"
to true. Because of that, /usr is being presented to the Network Manager daemon as read-only.
When connections are deleted, libnetplan will try to open its YAML files with write permissions
and will fail for files from /usr/lib/netplan. Even if the user hasn't added any files there manually,
the file /usr/lib/
This issue is fixed by allow-listing /usr/lib/netplan with ReadWritePaths=
so the Network Manager's daemon will be able to write to that directory.
This upload also improves the autopkgtests related to Netplan. Network Manager will be
started by systemd, which ensures we are testing in the same environment conditions
used by a desktop installation. It also adds a few more instances of connection deletions so
we can test a bit more that YAML files are being removed. It also adds all the dependencies
required by the test script (which sadly was causing the nm_netplan.py tests to be skipped).
[ Test Plan ]
Launch a new Mantic VM:
$ lxc launch ubuntu:mantic --vm
Install network-manager and ubuntu-settings:
# apt install network-manager ubuntu-settings
Run Netplan
# netplan apply
Create a dummy connection via nmcli:
# nmcli con add type dummy connection.
Check a new YAML will be created in /etc/netplan
Delete the connection with nmcli
# nmcli con del dummy-dummy0
Check the YAML WAS NOT removed from /etc/netplan
You will see the error below in the NetworkManager's journal
netplan_
Add the PPA containing the fix and run the same test described above
# add-apt-repository ppa:danilogondo
# apt update
# apt upgrade
Check that the YAML will be created when the connection is added and deleted and the connection is removed.
[ Where problems could occur ]
As the only change is a relaxation of the restrictions applied by systemd on the environment where Network Manager
runs, we are not expecting any regression.
As for the changes in the autopkgtest related to Netplan, they are passing on all architectures.
Autopkgtests
amd64 - https:/
ppc64 - https:/
s390x - https:/
arm64 - https:/
armhf - https:/
[ Other Info ]
--- Original description ---
When a connection is deleted using any NM facility, libnetplan is failing to delete the YAML file. Because of that, the connection will be recreated when "netplan generate" runs again.
This is probably being caused by a combination of two things. First, the NM's systemd unit has this setting "ProtectSystem=
---
22517 openat(AT_FDCWD, "/lib/netplan/
22517 write(2, "netplan_
---
[1] - https:/
Related branches
- Sebastien Bacher: Approve
- Lukas Märdian: Approve
- Network-manager: Pending requested
Diff: 154 lines (+69/-13)
5 files modified
debian/changelog (+14/-0)
debian/patches/netplan/0003-Allow-the-NetworkManager-daemon-to-write-to-lib-netp.patch (+33/-0)
debian/patches/series (+1/-0)
debian/tests/control (+1/-1)
debian/tests/nm_netplan.py (+20/-12)
Changed in netplan.io (Ubuntu Mantic):
importance: Undecided → Critical
Changed in network-manager (Ubuntu Mantic):
importance: Undecided → Critical
tags: added: foundations-todo
Changed in netplan.io (Ubuntu Mantic):
status: New → Triaged
Changed in network-manager (Ubuntu Mantic):
status: New → Triaged
Changed in netplan.io (Ubuntu Mantic):
status: Triaged → Invalid
importance: Critical → Medium
Changed in netplan.io (Ubuntu):
importance: Critical → Medium
description: updated
tags: removed: foundations-todo
2023-10-24T17:37:01.668964+08:00 MrChen-T14 NetworkManager[780]: <info> [1698140221.6688] keyfile: deleting netplan connection: NM-10cb8fd3-2680-4977-b422-1edfe625344f
2023-10-24T17:37:01.669081+08:00 MrChen-T14 NetworkManager[780]: Permissions for /etc/netplan/00-installer-config.yaml are too open. Netplan configuration should NOT be accessible by others.
2023-10-24T17:37:01.669839+08:00 MrChen-T14 NetworkManager[780]: Permissions for /etc/netplan/00-installer-config.yaml are too open. Netplan configuration should NOT be accessible by others.
2023-10-24T17:37:01.671549+08:00 MrChen-T14 NetworkManager[780]: netplan_delete_connection: Cannot write output state: Read-only file system
2023-10-24T17:37:01.770621+08:00 MrChen-T14 NetworkManager[780]: <info> [1698140221.7705] audit: op="connection-delete" uuid="10cb8fd3-2680-4977-b422-1edfe625344f" name="新元申直播" pid=37966 uid=1000 result="success"