https://bugzilla.suse.com/show_bug.cgi?id=1226083 Bug ID: 1226083 Summary: AUDIT-0: valkey: Audit sysctl files and user+group for whitelists Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: ngompa13@gmail.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- I've submitted Valkey (a community-developed fork of Redis) to Factory (https://build.opensuse.org/request/show/1179160), but the submission build bombs out in staging with the following error: [ 340s] valkey.x86_64: E: sysctl-file-unauthorized (Badness: 10000) /usr/lib/sysctl.d/00-valkey.conf (sha256 file digest default filter:0808640fa6dadb334bb6efacea7cf703095f9e44e964186cff673ca5e192fecc shell filter:7642699dc64ccba77154ede500b8657989cbe0e82c67753a3df8c334efa0a8f8 xml filter:<failed-to-calculate>) [ 340s] Packaging sysctl.d drop-in configuration files requires a review and [ 340s] whitelisting by the SUSE security team. If the package is intended for [ 340s] inclusion in any SUSE product please open a bug report to request review of [ 340s] the package by the security team. Please refer to [ 340s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 340s] more information. [ 340s] [ 340s] valkey.x86_64: W: non-standard-uid /run/valkey valkey [ 340s] valkey.x86_64: W: non-standard-uid /var/lib/valkey valkey [ 340s] valkey.x86_64: W: non-standard-uid /var/lib/valkey/default valkey [ 340s] valkey.x86_64: W: non-standard-uid /var/log/valkey valkey [ 340s] A file in this package is owned by an unregistered user id. To register the [ 340s] user, please make a pull request to the rpmlint config file [ 340s] configs/openSUSE/users-groups.toml in the rpmlint repository. [ 340s] [ 340s] valkey.x86_64: W: non-standard-gid /etc/valkey valkey [ 340s] valkey.x86_64: W: non-standard-gid /etc/valkey/default.conf.example valkey [ 340s] valkey.x86_64: W: non-standard-gid /etc/valkey/sentinel.conf.example valkey [ 340s] valkey.x86_64: W: non-standard-gid /run/valkey valkey [ 340s] valkey.x86_64: W: non-standard-gid /var/lib/valkey valkey [ 340s] valkey.x86_64: W: non-standard-gid /var/lib/valkey/default valkey [ 340s] valkey.x86_64: W: non-standard-gid /var/log/valkey valkey [ 340s] A file in this package is owned by an unregistered group id. To register the [ 340s] group, please make a pull request to the rpmlint config file [ 340s] configs/openSUSE/users-groups.toml in the rpmlint repository. I leveraged the original Redis packaging in openSUSE as the basis of the Valkey package. The sysctl file in here is the same file as in the Redis package, with only the word "redis" replaced with "valkey" in the text. The user and group is basically the same definition with "redis" replaced with "valkey". I'd like this to be whitelisted so that it can land in Factory. -- You are receiving this mail because: You are on the CC list for the bug.