Bug 1215441 - AUDIT-0: sddm-qt6: D-Bus service review for packaging change
Summary: AUDIT-0: sddm-qt6: D-Bus service review for packaging change
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Wolfgang Frisch
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-18 12:05 UTC by Fabian Vogt
Modified: 2023-10-12 12:24 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fabian Vogt 2023-09-18 12:05:29 UTC 
With https://build.opensuse.org/project/show/home:Vogtinator:sddmqt6 (currently submitted as sr#1111399), there will be two builds of sddm: sddm (Qt 5 based) and sddm-qt6 (Qt 6 based). Both ship an identical /usr/share/dbus-1/system.d/sddm_org.freedesktop.DisplayManager.conf.
As the whitelisting is bound to the package name and not just the file hash, rpmlint complains:

[   94s] sddm-qt6.x86_64: E: dbus-file-unauthorized (Badness: 10) /usr/share/dbus-1/system.d/sddm_org.freedesktop.DisplayManager.conf (sha256 file digest default filter:daa7d493ab968d706530339465449d98e09a5f717c230b85bf0f0e3d1365de2c shell filter:b3416d1bd9f087c9be887c1610296a116cb16a5f04e81fc0d61275ccbbc99842 xml filter:4b4cbecadaf6124b64d65abcc27157a154f4f3544b1a68b1f0754282e6766c8f)
[   94s] Packaging D-Bus services requires a review and whitelisting by the SUSE
[   94s] security team. If the package is intended for inclusion in any SUSE product
[   94s] please open a bug report to request review of the package by the security
[   94s] team. Please refer to
[   94s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for
[   94s] more information.
Comment 1 Wolfgang Frisch 2023-09-18 12:15:58 UTC 
Thanks for the report. This should be a quick one.
Comment 2 OBSbugzilla Bot 2023-09-18 13:35:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1215441) was mentioned in
https://build.opensuse.org/request/show/1111991 Factory / rpmlint
Comment 4 Wolfgang Frisch 2023-10-12 12:24:46 UTC 
Resolved.