[Bug 1185469] New: [AUDIT] systemd-network.x86_64: W: polkit-changed-rules /usr/share/polkit-1/rules.d/60-systemd-networkd.rules
https://bugzilla.suse.com/show_bug.cgi?id=1185469 Bug ID: 1185469 Summary: [AUDIT] systemd-network.x86_64: W: polkit-changed-rules /usr/share/polkit-1/rules.d/60-systemd-networkd.rules Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: fbui@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Can you please review the changes in /usr/share/polkit-1/rules.d/60-systemd-networkd.rules [1] introduced by systemd v248 ? I think only the file header changed. Thanks [1] https://github.com/openSUSE/systemd/blob/openSUSE-Factory/src/network/system... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c1 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |matthias.gerstner@suse.com --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- I will look into it. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c2 --- Comment #2 from Matthias Gerstner <matthias.gerstner@suse.com> --- I can confirm it is only non-functional changes to the rules file. I will adjust the whitelisting. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c3 --- Comment #3 from Franck Bui <fbui@suse.com> --- Maybe the script that looks for changes could skip comments... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c4 --- Comment #4 from Matthias Gerstner <matthias.gerstner@suse.com> --- (In reply to fbui@suse.com from comment #3)
Maybe the script that looks for changes could skip comments...
Yes, good idea. We already thought about that. It is a bit difficult, because the whitelisting mechanism is generic and we would need to be able to configure different filters like for shell like comments, C-like comments and so on. Also we are in a limbo for an unknown amount of time because of the unfinished migration towards rpmlint2. We do have this feature on our todo list, however. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c5 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #5 from Matthias Gerstner <matthias.gerstner@suse.com> --- whitelisting has been submitted to Factory -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[AUDIT] |AUDIT-0: systemd-network: |systemd-network.x86_64: W: |W: polkit-changed-rules |polkit-changed-rules |/usr/share/polkit-1/rules.d |/usr/share/polkit-1/rules.d |/60-systemd-networkd.rules |/60-systemd-networkd.rules | -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1185469 https://bugzilla.suse.com/show_bug.cgi?id=1185469#c7 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #7 from Matthias Gerstner <matthias.gerstner@suse.com> --- whitelisting should be complete by now -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com