On 29.08.2023 21:35, Jan Engelhardt wrote:
On Tuesday 2023-08-29 20:09, Andrei Borzenkov wrote:
As I said in my previous posting, at least SUID permissions cannot be set in the spec file that builds an rpm.
user@uefi:~> rpm -q --dump -f /usr/sbin/unix_chkpwd | grep unix_chkpwd /usr/sbin/unix_chkpwd 26928 1691846723 1bfe8e2870486dc504a9ef5acf38da50d14b3bb602dc0f959865d395fc6c38fb 0104755 root shadow 0 0 0 X user@uefi:~>
As you see, rpm has no problems packaging SUID file.
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
May be there are some white-/blacklist, I do not know.
rpmlint/checks/FilesCheck.py: self.output.add_info('E', pkg, 'setuid-binary', fname, user, '%o' % perm)
And how does it explain that pam package has SUID binary? This check is apparently filtered out by default in rpmlint/configs/openSUSE/opensuse.toml. This message is not present in pam build log.