[Bug 1144077] New: AUDIT-0: libvirt: new polkit permissions for checkpoint
http://bugzilla.suse.com/show_bug.cgi?id=1144077 Bug ID: 1144077 Summary: AUDIT-0: libvirt: new polkit permissions for checkpoint Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jfehlig@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Here we go again. Upcoming libvirt 5.6.0 gets a new polkit permission for the checkpoint object via commit 4f0438ef7c5, which causes the following lint failure [ 541s] libvirt-daemon.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.libvirt.api.domain.checkpoint (no:no:no) Hopefully non-controversial to whitelist with the 'no:no:no' perms. Failing package can be found here https://build.opensuse.org/package/show/home:jfehlig:branches:Virtualization... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c1
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c2
--- Comment #2 from James Fehlig
So you need this with all the backports again?
Yes, sorry.
We really need to streamline this process for backports somehow, I'm already having this on the team agenda.
Options from my side: 1. Disable build for anything but Factory 2. Patch out new functionality for older distros 1 is doable but I would certainly get complaints. I really dislike 2 and not even sure why I mentioned it :-). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c3
Johannes Segitz
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c4
Johannes Segitz
http://bugzilla.suse.com/show_bug.cgi?id=1144077
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c6
--- Comment #6 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c8
--- Comment #8 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1144077
http://bugzilla.suse.com/show_bug.cgi?id=1144077#c9
Matthias Gerstner
participants (1)
-
bugzilla_noreply@novell.com