http://bugzilla.suse.com/show_bug.cgi?id=1100328

Bug ID: 1100328
Summary: need review of new libvirt polkit rules
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: jfehlig@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I'm working on updating Factory to libvirt 4.5.0, which contains new nwfilter-related polkit rules. Test builds of libvirt 4.5.0 fail with

[ 349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.libvirt.api.connect.search-nwfilter-bindings (yes:yes:yes)
[ 349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.libvirt.api.nwfilter.binding-getattr (yes:yes:yes)
[ 349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness: 10000) org.libvirt.api.nwfilter.binding-read (yes:yes:yes)
[ 349s] The package allows unprivileged users to carry out privileged operations
[ 349s] without authentication. This could cause security problems if not done
[ 349s] carefully. If the package is intended for inclusion in any SUSE product please
[ 349s] open a bug report to request review of the package by the security team
[ 349s]
[ 349s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.nwfilter.binding-create (no:no:no)
[ 349s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.nwfilter.binding-delete (no:no:no)
[ 349s] The privilege is not listed in /etc/polkit-default-privs.* which makes it
[ 349s] harder for admins to find. If the package is intended for inclusion in any
[ 349s] SUSE product please open a bug report to request review of the package by the
[ 349s] security team

Beyond opening this bug I'm not sure what is required on my part so please let me know if I have an actionable item :-). Thanks!