Mailinglist Archive: opensuse-factory (1193 mails)

< Previous Next >
[opensuse-factory] rpmlint-checks: I: polkit-untracked-privilege will become an error

the SUSE security team recently decided to turn the rpmlint check
"polkit-untracked-privilege" into an error. Currently this is only an
informational message. If you get messages like these in your package:

gvfs-backends.x86_64: I: polkit-untracked-privilege
org.gtk.vfs.file-operations (no:no:auth_admin_keep)

then they will become an error with 10.000 extra badness in the future,
as is the case with other polkit related errors. This affects all
packages in openSUSE:Factory.

The rationale behind that is that even though these polkit rules seem
harmless (only locally logged in users with admin privileges can acquire
the polkit privilege), they can expose security issues. This is because
the correct enforcement of the polkit policy is depending on the
individual package's polkit adaption.

Therefore such packages must go through a review process with the
security team. You can trigger this process by opening a bug against
security-team@xxxxxxx and adding an AUDIT prefix to the bug summary.
For more about this please refer to this wiki page:

We don't expect many packages to be affected by this. If you have any
questions please reach out to us.

Thank you


Matthias Gerstner <matthias.gerstner@xxxxxxx>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
Telefon: +49 911 740 53 290
GPG Key ID: 0x14C405C971923553

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)
< Previous Next >