Bug ID 1100328
Summary need review of new libvirt polkit rules
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter jfehlig@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

I'm working on updating Factory to libvirt 4.5.0, which contains new
nwfilter-related polkit rules. Test builds of libvirt 4.5.0 fail with

[  349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness:
10000) org.libvirt.api.connect.search-nwfilter-bindings (yes:yes:yes)
[  349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness:
10000) org.libvirt.api.nwfilter.binding-getattr (yes:yes:yes)
[  349s] libvirt-daemon.x86_64: E: polkit-unauthorized-privilege (Badness:
10000) org.libvirt.api.nwfilter.binding-read (yes:yes:yes)
[  349s] The package allows unprivileged users to carry out privileged
operations
[  349s] without authentication. This could cause security problems if not done
[  349s] carefully. If the package is intended for inclusion in any SUSE
product please
[  349s] open a bug report to request review of the package by the security
team
[  349s] 
[  349s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000)
org.libvirt.api.nwfilter.binding-create (no:no:no)
[  349s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000)
org.libvirt.api.nwfilter.binding-delete (no:no:no)
[  349s] The privilege is not listed in /etc/polkit-default-privs.* which makes
it
[  349s] harder for admins to find. If the package is intended for inclusion in
any
[  349s] SUSE product please open a bug report to request review of the package
by the
[  349s] security team

Beyond opening this bug I'm not sure what is required on my part so please let
me know if I have an actionable item :-). Thanks!

You are receiving this mail because: