Bug 790726 - Shared connection fails if /proc/sys is read-only
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: IP and DNS config
Version: 1.10.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Reported: 2017-11-22 19:39 UTC by bpascard
Modified: 2017-11-24 16:17 UTC


Attachments
platform: preserve errno in nm_platform_sysctl_get_int_checked() (1.02 KB, patch), 2017-11-22 21:13 UTC, Thomas Haller
device: ignore errors setting ip_forward for IPv4 shared method (2.30 KB, patch), 2017-11-22 21:13 UTC, Thomas Haller

Description bpascard 2017-11-22 19:39:31 UTC
Hello,

I'm trying to create a connection with IPv4 method 'shared' inside a Docker container.
Inside a container /proc/sys is mounted read-only, but I have manually set /proc/sys/net/ipv4/ip_forward to '1'.

When I activate the shared connection, it fails ("share: error enabling IPv4 forwarding" in the logs). NM tries to write to /proc/sys/net/ipv4/ip_forward even though ip_forward is already set to '1'.

Tested with NM 1.4.2 and 1.6.2. I have checked out 1.10 source and it seems to be the same.

I have a homemade patch for this bug that makes ip_forward failure not fail the connection.

I thought it'd be reasonable to check for the current value of a sysctl before trying to write to it?

Thanks

Also: There are numerous similar errors (visible in the logs, log level=DEBUG) caused by /proc/sys being read-only. Only /proc/sys/net/ipv4/ip_forward seems to result in the connection failing; this might simply be because I have set IPv6 method to 'ignore'.
Comment 1 Thomas Haller 2017-11-22 21:13:27 UTC
Created attachment 364232
platform: preserve errno in nm_platform_sysctl_get_int_checked()

It's not clear whether free() changes errno. Be sure about it.
Comment 2 Thomas Haller 2017-11-22 21:13:35 UTC
Created attachment 364233
device: ignore errors setting ip_forward for IPv4 shared method

/proc/sys might be read-only, so be more graceful and no longer fail
activation, if we were unable to set ip_forward.

Also, try to read the value first, and only set it if necessary.

Also, downgrade the <error> messages to <warn>, only fatal errors
warrant the <error> level.
Comment 3 Beniamino Galvani 2017-11-24 15:17:34 UTC
> device: ignore errors setting ip_forward for IPv4 shared method
>
> /proc/sys might be read-only, so be more graceful and no longer fail
> activation, if we were unable to set ip_forward.

If we can't enable forwarding, the connection should not succeed in my opinion because internet sharing won't work.

> Also, try to read the value first, and only set it if necessary.

I think this is enough.
Comment 4 Thomas Haller 2017-11-24 16:00:44 UTC
makes sense.

How about

https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=th/shared-mode-failure-bgo790726 ?

(with a new commit)
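
The read-before-write approach discussed in comments 2 and 3, as an added example that is not part of the bug report and not NetworkManager's code: the hypothetical helper `sysctl_ensure()` reads the sysctl first, opens it for writing only when the value differs, and returns failure with errno intact so the caller can still fail activation when forwarding cannot be enabled.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not NetworkManager code. Returns 0 if the file already
 * holds `want` (no write attempted), 1 if written, -1 on failure (errno set). */
int sysctl_ensure(const char *path, const char *want)
{
    char buf[64];
    ssize_t n;
    int fd, saved;

    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    n = read(fd, buf, sizeof(buf) - 1);
    saved = errno;                    /* close() may overwrite errno */
    close(fd);
    if (n < 0) {
        errno = saved;
        return -1;
    }
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';   /* sysctl values end in a newline */
    if (strcmp(buf, want) == 0)
        return 0;                     /* a read-only /proc/sys is fine here */

    fd = open(path, O_WRONLY);        /* write access is needed only now */
    if (fd < 0)
        return -1;                    /* errno from open(); caller decides */
    n = write(fd, want, strlen(want));
    saved = errno;
    close(fd);
    if (n != (ssize_t) strlen(want)) {
        errno = n < 0 ? saved : EIO;  /* short write reported as EIO */
        return -1;
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 3)                    /* usage: prog <path> <value> */
        return 2;
    int r = sysctl_ensure(argv[1], argv[2]);
    printf("%d %s\n", r, r < 0 ? strerror(errno) : "ok");
    return r < 0;
}
```

A return of 0 means the process never needed write access, which is the case the reporter hit with ip_forward already set to '1' in the container.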