• Thomas Haller's avatar
    device: change default value for cloned-mac-address to "preserve" (bgo#770611) · fae5ecec
    Thomas Haller authored
    Long ago before commit 1b49f941, NetworkManager did not touch the
    MAC address at all. Since 0.8.2 NetworkManager would modify the
    MAC address, and eventually it would reset the permanent MAC address
    of the device.
    
    This prevents a user from externally setting the MAC address via tools
    like macchanger and rely on NetworkManager not to reset it to the
    permanent MAC address. This is considered a security regression in
    bgo#708820.
    
    This only changed with commit 9a354cdc and 1.4.0. Since then it is possible
    to configure "cloned-mac-address=preserve", which instead uses the "initial"
    MAC address when the device activates.
    That also changed that the "initial" MAC address is the address which was
    externally configured on the device as last. In other words, the
    "initial" MAC address is picked up from external changes, unless it
    was NetworkManager itself who configured the address when activating a
    connection.
    
    However, in absence of an explicit configuration the default for
    "cloned-mac-address" is still "permanent". Meaning, the user has to
    explicitly configure that NetworkManager should not touch the MAC address.
    It makes sense to change the upstream default to "preserve". Although this
    is a change in behavior since 0.8.2, it seems a better default.
    
    This change has the drastic effect that all the existing connections
    out there with "cloned-mac-address=$(nil)" change behavior after upgrade.
    I think most users won't notice, because their devices have the permanent
    address set by default anyway. I would think that there are few users
    who intentionally configured "cloned-mac-address=" to have NetworkManager
    restore the permanent address.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=770611
    fae5ecec
NetworkManager.conf.xml 51 KB