(In reply to fvogt@suse.com from comment #2)
> This is not the case anymore, now kcheckpass is just a normal binary without
> any special capabilities.

If kcheckpass no longer needs setuid root then we should remove it from the permissions package, too. It's only because the location of kcheckpass changed that 'chkstat' doesn't reapply setuid permissions to it.

> Manually adding suid/sgid permissions to a system binary is not something
> accounted for in the package and it shouldn't need to be. Otherwise every
> package shipping a binary would need to call %set_permissions.

Every package shipping a *setuid* binary actually needs to call %set_permissions as is also documented in [1].

[1]: https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25set_permissions

The question remains why the user can no longer unlock after the `zypper dup` as explained in comment 0 then.