Bug 1189899 - AUDIT-0: low-memory-monitor: Package installs new dbus service file
AUDIT-0: low-memory-monitor: Package installs new dbus service file
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Matthias Gerstner
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2021-08-27 18:34 UTC by Atri Bhattacharya
Modified: 2021-09-27 10:18 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Atri Bhattacharya 2021-08-27 18:34:25 UTC
For my package found in OBS in Base:System/low-memory-monitor [1] I would like a whitelisting for the following rpmlint error:

low-memory-monitor.aarch64: E: suse-dbus-unauthorized-service (Badness: 10) /usr/share/dbus-1/system.d/org.freedesktop.LowMemoryMonitor.conf

Requesting the white-listing because I would like to submit this package to Factory if approved.

Thank you.

[1] https://build.opensuse.org/package/show/Base:System/low-memory-monitor
Comment 1 Matthias Gerstner 2021-08-30 08:48:04 UTC
Thank you for opening the review bug. This package is also small so we will
schedule the review and it should not take too long to finish it.
Comment 2 Matthias Gerstner 2021-09-02 07:55:34 UTC
This service should be uncritical. It only implements a D-Bus signal for
others to consume when low memory situations arise. The code only interacts
with /proc/pressure and the `mlockall()` system call. The systemd service
configuration also pretty much hardens what the service can do so the risk is

I will whitelist this service. The whitelisting can take a bit longer than
usual, because in openSUSE:Factory a major rpmlint update has taken place and
our whitelist management changed. Please be patient.
Comment 3 Atri Bhattacharya 2021-09-02 12:34:15 UTC
Many thanks for the quick review.
Comment 4 Johannes Segitz 2021-09-21 07:08:51 UTC
The whitelist is now added to rpmlint. As Matthias already explained we currently have some major changes there in progress and because of this I won't submit this right away, we need to sort out some issues first. But it will be in the next submission as it's already on github now
Comment 5 Atri Bhattacharya 2021-09-27 10:18:18 UTC
This seems to be in Factory already, and we can close this. Many thanks Matthias and Johannes.