Handling of /etc/hosts is highly site- and admin- specific in
many more complex cases, and it's exceedingly hard and error-
prone for NetworkManager to handle all those cases. So remove
this functionality entirely. That's not a big loss, as it
turns out there's a much more elegant solution.
The only requirement is that the machine's hostname map back
to an IP address owned by the machine. That requirement can
be satisifed by nss-myhostname or even possibly the distro's
installer. If the user does not want nss-myhostname then it
can be uninstalled. Distros should use a "recommends" feature
in their packaging system so that the NetworkManager package
does *not* have a hard requirement on nss-myhostname. Thus
everyone is happy; things Just Work when nss-myhostname is
installed, but more advanced users can uninstall it and
customize /etc/hosts as they wish.
Another alternative is a dispatcher script that listents for
the 'hostname' event, and updates /etc/hosts according to the
administrator's preference.
NMSysconfigSettings has the authoritative list of connections, no reason
to duplicate all that tracking code in NMManager. Add the missing bits
that the manager had to NMSysconfigSettings, and point NMPolicy at the
settings object instead of NMManager for that.
More info:
https://bugzilla.redhat.com/show_bug.cgi?id=585394http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172
dbus-glib was not properly enforcing the 'access' permissions on
object properties exported using its API. There were 2 specific bugs:
1) dbus-glib did not enforce the introspection read/write property
permissions, so if the GObject property definition allowed write
access (which is sometimes desirable), D-Bus clients could modify
that value even if the introspection said it was read-only
2) dbus-glib was not filtering out GObject properties that were
not listed in the introspection XML. Thus, if the GObject defined
more properties than were listed in the introspection XML (which is
also often useful, and NM uses this quite a bit) those properties
would also be exposed to D-Bus clients.
To fix this completely, you need to:
1) get dbus-glib master when the patch is commited, OR grab the
patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and
build a new dbus-glib
2) rebuild NetworkManager against the new dbus-glib
Even though we prefer NetworkManager.conf, we need to check the
old nm-system-settings.conf first to preserve compat with older
setups. In package managed systems dropping a NetworkManager.conf
onto the system would make NM use it instead of nm-system-settings.conf,
changing behavior during an upgrade. We don't want that.
GIO will apparently normally try to use the remote VFS implemenation
on the session bus. But NM (as a root service) shouldn't ever be
trying to talk to anything on the session bus. Squash that.
