Netplan generate is creating directories with incorrect permission

Bug #2076319 reported by Robert Malz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Netplan | Fix Released | Medium | Robert Malz | |
| netplan.io (Ubuntu) | Status tracked in Oracular | | | |
| Jammy | In Progress | Undecided | Robert Malz | |
| Noble | In Progress | Undecided | Robert Malz | |
| Oracular | Fix Released | Undecided | Unassigned | |

Bug Description

[ Impact ]

 * Running netplan with a modified default umask (default 022, modified 027)
   will cause netplan to create /run/systemd/* directories with 750 permissions.

 * This will cause some backends, like systemd-network, to fail when reading the configuration.

 * The issue appeared after adding the fix for https://bugs.launchpad.net/netplan/+bug/1987842

[ Test Plan ]

 * To reproduce this issue, the default umask needs to be changed, for instance to 027.
   This can be done in multiple ways, like changing bashrc/login.defs/profile

 * Make sure that there is currently no netplan configuration applied, e.g.:
   /run/systemd/network/ should not exist

 * Run "netplan apply"

 * Netplan will create the /run/systemd/network/ directory with 750 permissions

 * This will cause issues reading files from that directory for some backends

[ Where problems could occur ]

 * The targeted fix for this problem is to bring back setting the umask to 022 in the "netplan generate" code

 * The new umask should only be applied when creating directories, so as not to bring back the issues from lp1987842

 * In previous implementations netplan was already setting umask 022, which was removed with the lp1987842 fix;
   adding it back introduces a low risk of regression.

 * Fix tested locally, no issues detected.

[ Other Info ]

 * umask 027 is set during usg hardening

 * In the case of usg hardening, the issue will not reproduce if /etc/netplan has some YAML files during the boot process.
   In this scenario, umask 027 is set after netplan has already performed config generation.
   The user reporting this issue stated that in their scenario they first boot into the system and only then
   move the netplan config to /etc/netplan and run netplan apply manually

Tags: sru-next
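
The effect described in the report, as an added example that is not netplan's code or the reporter's: it reproduces the 750 directory in a scratch directory under umask 027, then creates the same tree with umask 022 scoped to the directory creation only, so files written afterwards keep the restrictive mask. The function names, the scratch paths and the `10-demo.network` file name are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; works only inside a mktemp scratch directory and
# never touches /run/systemd. All names below are constructed.

# Octal mode of a path (GNU stat as on Ubuntu, BSD stat as a fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Directory creation that inherits the caller's umask (the reported behaviour).
mkdir_inherit() { mkdir -p "$1"; }

# Directory creation with umask 022 confined to a subshell, so the caller's
# umask is unchanged for every file created afterwards.
mkdir_scoped_022() { ( umask 022 && mkdir -p "$1" ); }

# Check an admin can run on a real path: succeeds when users outside the
# owner and group can list and traverse the directory (last digit 5 or 7).
others_can_read_dir() {
    case "$(mode_of "$1")" in
        *[57]) return 0 ;;
        *)     return 1 ;;
    esac
}

# Prints three modes: inherited directory, scoped directory, file in the latter.
demo() {
    scratch=$(mktemp -d) || return 1
    (
        umask 027    # the hardened umask from the report
        mkdir_inherit    "$scratch/before/systemd/network"
        mkdir_scoped_022 "$scratch/after/systemd/network"
        : > "$scratch/after/systemd/network/10-demo.network"
    )
    echo "$(mode_of "$scratch/before/systemd/network")" \
         "$(mode_of "$scratch/after/systemd/network")" \
         "$(mode_of "$scratch/after/systemd/network/10-demo.network")"
    rm -rf "$scratch"
}

demo    # prints: 750 755 640
```

On an affected system, `others_can_read_dir /run/systemd/network` returning non-zero after `netplan apply` matches the condition in the test plan.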
Robert Malz (rmalz)
Changed in netplan:
assignee: nobody → Robert Malz (rmalz)
Lukas Märdian (slyon) wrote :
Changed in netplan:
status: New → Triaged
importance: Undecided → Medium
status: Triaged → In Progress
Lukas Märdian (slyon) wrote :

released in v1.1

Changed in netplan:
status: In Progress → Fix Released
Lukas Märdian (slyon) wrote :

We might bundle this SRU for Noble with bug #2077011

Changed in netplan.io (Ubuntu Oracular):
status: New → Fix Released
Robert Malz (rmalz) wrote :

Adding debdiff for noble

Robert Malz (rmalz) wrote :

Adding debdiff for jammy based on 0.106.1-7ubuntu0.22.04.4

Robert Malz (rmalz) wrote :

Adding debdiff for jammy based on 0.107.1-3ubuntu0.22.04.1

Changed in netplan.io (Ubuntu Jammy):
status: New → In Progress
Changed in netplan.io (Ubuntu Noble):
status: New → In Progress
Changed in netplan.io (Ubuntu Jammy):
assignee: nobody → Robert Malz (rmalz)
Changed in netplan.io (Ubuntu Noble):
assignee: nobody → Robert Malz (rmalz)
Lukas Märdian (slyon)
tags: added: sru-next