Bug 1217187

Summary: AUDIT-WHITELIST: powerdevil6: new revision of D-Bus services org.kde.powerdevil.*
Product: [Novell Products] SUSE Security Incidents Reporter: Matthias Gerstner <matthias.gerstner>
Component: AuditsAssignee: Matthias Gerstner <matthias.gerstner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: christophe, opensuse-kde-bugs, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1217076    

Description Matthias Gerstner 2023-11-15 13:09:41 UTC 
+++ This bug was initially created as a clone of Bug #1217076

Sub bug for a bunch of new D-Bus interfaces in KDE6.

Package is found in KDE:Unstable:Frameworks/powerdevil6.

powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.powerdevil.backlighthelper.conf
powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.powerdevil.chargethresholdhelper.conf
powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-services/org.kde.powerdevil.backlighthelper.service
powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/org.kde.powerdevil.discretegpuhelper.conf
powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-
services/org.kde.powerdevil.chargethresholdhelper.service
powerdevil6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system-services/org.kde.powerdevil.discretegpuhelper.service
Comment 1 Matthias Gerstner 2023-11-29 13:21:24 UTC 
I'll look into this
Comment 2 Matthias Gerstner 2023-11-30 12:48:33 UTC 
These three kauth helpers are small or in the case of discretegpuhelper even
tiny. They all only operate within /sys and have well defined and restrictive
APIs. I don't see any problems.

As with the other bugs we will do a short follow-up review when the KDE6
release is drawing near and then adjust our whitelistings.
Comment 3 Matthias Gerstner 2023-11-30 12:56:54 UTC 
The upstream Git commit I reviewed so far is 3de931d6
Comment 4 Matthias Gerstner 2024-02-14 10:13:11 UTC 
The package to be submitted is now found in KDE:Frameworks/powerdevil6. The
version found there is v5.93.0. There was quite some activity in the upstream
repository since the review happened. But the privileged components are mostly
untouched.

Whitelisting can start.
Comment 6 Matthias Gerstner 2024-02-21 14:44:14 UTC 
The whitelisting is in Factory now. Closing as fixed.