|
Bugzilla – Full Text Bug Listing |
| Summary: | AUDIT-WHITELIST: kubernetes1.28, kubernetes1.27, kubernetes1.26, kubernetes1.25, kubernetes1.24 : audit of sysctl.d drop-in configuration files for kubeadm binary | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Priyanka Saggu <priyanka.saggu> |
| Component: | Audits | Assignee: | Filippo Bonazzi <filippo.bonazzi> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P2 - High | CC: | felix.niederwanger, filippo.bonazzi, meissner |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Priyanka Saggu
2023-09-20 19:59:12 UTC
For the packages — kubernetes1.28, kubernetes1.27, kubernetes1.26, kubernetes1.25, and kubernetes1.24, found in OBS in "openSUSE:Factory:Staging:adi:18", I would like a whitelisting for the following rpmlint error: ### kubernetes1.28 ``` [ 477s] kubernetes1.28-kubeadm.x86_64: E: sysctl-file-unauthorized (Badness: 10000) /usr/lib/sysctl.d/90-kubeadm.conf (sha256 file digest default filter:5f49eab5bfbb68772cb4b2cc32f8192063a15aa834c0707b554dd5871443f580 shell filter:43e95061f764465452c91708145e6d5948ab0e4750ed9ce98b59e1a1f223f45a xml filter:<failed-to-calculate>) [ 477s] Packaging sysctl.d drop-in configuration files requires a review and [ 477s] whitelisting by the SUSE security team. If the package is intended for [ 477s] inclusion in any SUSE product please open a bug report to request review of [ 477s] the package by the security team. Please refer to [ 477s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 477s] more information. ``` ### kubernetes1.27 ``` [ 455s] kubernetes1.27-kubeadm.x86_64: E: sysctl-file-digest-mismatch (Badness: 10000) /usr/lib/sysctl.d/90-kubeadm.conf expected sha256:e2c2ac17097616ee184af9965776f83ad87dcf9e82ada5c8a3ea0f8371813fe8, has:43e95061f764465452c91708145e6d5948ab0e4750ed9ce98b59e1a1f223f45a [ 455s] A whitelisting related sysctl.d drop-in file changed in content. Packaging [ 455s] sysctl.d drop in configuration files requires a review and whitelisting by the [ 455s] SUSE security team. If the package is intended for inclusion in any SUSE [ 455s] product please open a bug report to request review of the package by the [ 455s] security team. Please refer to [ 455s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 455s] more information. ``` ### kubernetes1.26 ``` [ 470s] kubernetes1.26-kubeadm.x86_64: E: sysctl-file-digest-mismatch (Badness: 10000) /usr/lib/sysctl.d/90-kubeadm.conf expected sha256:e2c2ac17097616ee184af9965776f83ad87dcf9e82ada5c8a3ea0f8371813fe8, has:43e95061f764465452c91708145e6d5948ab0e4750ed9ce98b59e1a1f223f45a [ 470s] A whitelisting related sysctl.d drop-in file changed in content. Packaging [ 470s] sysctl.d drop in configuration files requires a review and whitelisting by the [ 470s] SUSE security team. If the package is intended for inclusion in any SUSE [ 470s] product please open a bug report to request review of the package by the [ 470s] security team. Please refer to [ 470s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 470s] more information. ``` ### kubernetes1.25 ``` [ 519s] kubernetes1.25-kubeadm.x86_64: E: sysctl-file-digest-mismatch (Badness: 10000) /usr/lib/sysctl.d/90-kubeadm.conf expected sha256:e2c2ac17097616ee184af9965776f83ad87dcf9e82ada5c8a3ea0f8371813fe8, has:43e95061f764465452c91708145e6d5948ab0e4750ed9ce98b59e1a1f223f45a [ 519s] A whitelisting related sysctl.d drop-in file changed in content. Packaging [ 519s] sysctl.d drop in configuration files requires a review and whitelisting by the [ 519s] SUSE security team. If the package is intended for inclusion in any SUSE [ 519s] product please open a bug report to request review of the package by the [ 519s] security team. Please refer to [ 519s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 519s] more information. ``` ### kubernetes1.24 ``` [ 516s] kubernetes1.24-kubeadm.x86_64: E: sysctl-file-digest-mismatch (Badness: 10000) /usr/lib/sysctl.d/90-kubeadm.conf expected sha256:e2c2ac17097616ee184af9965776f83ad87dcf9e82ada5c8a3ea0f8371813fe8, has:43e95061f764465452c91708145e6d5948ab0e4750ed9ce98b59e1a1f223f45a [ 516s] A whitelisting related sysctl.d drop-in file changed in content. Packaging [ 516s] sysctl.d drop in configuration files requires a review and whitelisting by the [ 516s] SUSE security team. If the package is intended for inclusion in any SUSE [ 516s] product please open a bug report to request review of the package by the [ 516s] security team. Please refer to [ 516s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 516s] more information. ``` --- Full logs are available at: kubernetes1.28 - https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:adi:18/kubernetes1.28/standard/x86_64 kubernetes1.27 - https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:adi:18/kubernetes1.27/standard/x86_64 kubernetes1.26 - https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:adi:18/kubernetes1.26/standard/x86_64 kubernetes1.25 - https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:adi:18/kubernetes1.25/standard/x86_64 kubernetes1.24 - https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:adi:18/kubernetes1.24/standard/x86_64 Hi, this is blocking factory submissions, can you take a look soonish? Submitted in https://build.opensuse.org/request/show/1113857 |