[Bug 1144077] New: AUDIT-0: libvirt: new polkit permissions for checkpoint

bugzilla_noreply＠novell.com

2 Aug 2019 2 Aug '19

17:19

http://bugzilla.suse.com/show_bug.cgi?id=1144077 Bug ID: 1144077 Summary: AUDIT-0: libvirt: new polkit permissions for checkpoint Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jfehlig@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Here we go again. Upcoming libvirt 5.6.0 gets a new polkit permission for the checkpoint object via commit 4f0438ef7c5, which causes the following lint failure [ 541s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.domain.checkpoint (no:no:no) Hopefully non-controversial to whitelist with the 'no:no:no' perms. Failing package can be found here https://build.opensuse.org/package/show/home:jfehlig:branches:Virtualization... -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.7 KB)

Show replies by date

bugzilla_noreply＠novell.com

5 Aug 5 Aug

09:49

New subject: [Bug 1144077] AUDIT-0: libvirt: new polkit permissions for checkpoint

http://bugzilla.suse.com/show_bug.cgi?id=1144077 http://bugzilla.suse.com/show_bug.cgi?id=1144077#c1 Matthias Gerstner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthias.gerstner@suse.com --- Comment #1 from Matthias Gerstner --- Ah that was quick with a new addition ;) So you need this with all the backports again? We really need to streamline this process for backports somehow, I'm already having this on the team agenda. -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:47

New subject: [Bug 1144077] AUDIT-0: libvirt: new polkit permissions for checkpoint

http://bugzilla.suse.com/show_bug.cgi?id=1144077 http://bugzilla.suse.com/show_bug.cgi?id=1144077#c2 --- Comment #2 from James Fehlig --- (In reply to Matthias Gerstner from comment #1)

...

So you need this with all the backports again?

Yes, sorry.

...

We really need to streamline this process for backports somehow, I'm already having this on the team agenda.

Options from my side: 1. Disable build for anything but Factory 2. Patch out new functionality for older distros 1 is doable but I would certainly get complaints. I really dislike 2 and not even sure why I mentioned it :-). -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

6 Aug 6 Aug

07:26

New subject: [Bug 1144077] AUDIT-0: libvirt: new polkit permissions for checkpoint

http://bugzilla.suse.com/show_bug.cgi?id=1144077 http://bugzilla.suse.com/show_bug.cgi?id=1144077#c3 Johannes Segitz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsegitz@suse.com --- Comment #3 from Johannes Segitz --- (In reply to James Fehlig from comment #2) We are working on converting these errors into warnings in devel projects, so that could be option 3. We'll discuss it this week, maybe this is a viable solution I'll work on adding the new permissions -- You are receiving this mail because: You are on the CC list for the bug.