Bugzilla – Bug 1215948
AUDIT-WHITELIST: fudo: polkit rules drop-in files for sudo-like machinectl container frontend
Last modified: 2023-10-16 13:03:11 UTC
Sudo-like alias that works with machined: https://build.opensuse.org/request/show/1113798 https://build.opensuse.org/package/view_file/security/fudo/30-fudo-machinectl-shell.rules
So this is just a small shell wrapper around `machinectl` and some Polkit rule files that allow members of a configurable group to pass polkit authentication for the 'org.freedesktop.machine1.host-shell' Polkit action. The subpackages fudo-policy-noauth-wheel and fudo-policy-selfauth-wheel allow members of wheel to pass this check without password or with the calling user's password. I'm not sure about the choice of group; as we have discussed in another bug recently, wheel is currently only used as an exception in Flatpak and then in the new openSUSE Aeon, where they aim for a "single desktop user -equals- Admin" approach. Do we want to start overloading `wheel` for different things, or would it make more sense to have a dedicated group for `fudo`?
wheel is not meant to be used at all by the OS vendor *by default*. This must be up to the admin to decide. Doesn't mean we can't offer an optional(!) package instead of requiring edits in /etc. I'd add a subpackage requiring system-group-sudo once the new sudo setup is in Factory. Flatpak and Aeon need to be fixed to not use the wheel group *by default*.
Agreed. I will submit whitelistings for your package.
The changes will likely be submitted to Factory's rpmlint today.
The whitelisting should be effective, closing as fixed.
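The trade-off discussed in this bug (no-auth versus self-auth, and `wheel` versus a dedicated group), as an added example that is not part of the bug report or of the fudo package. The small stand-in for the polkit rule engine, the sample users, the dedicated group name `fudo` and the `auth_admin` fallback for the action are assumptions made so the rules can be evaluated under Node.

```javascript
// Stand-in for the constants polkit exposes to rules files (constructed for this example).
const polkit = { Result: { YES: "yes", AUTH_SELF: "auth_self", AUTH_ADMIN: "auth_admin" } };
const ACTION = "org.freedesktop.machine1.host-shell";

// Rule in the shape a drop-in would pass to polkit.addRule():
// members of `group` get `result` for the host-shell action only.
function hostShellRule(group, result) {
  return function (action, subject) {
    if (action.id === ACTION && subject.isInGroup(group)) {
      return result;
    }
    // Returning nothing leaves the decision to later rules or the action default.
  };
}

// Constructed subject with the fields the rule above reads.
function subject(user, groups) {
  return { user, groups, isInGroup: (g) => groups.includes(g) };
}

// First rule that returns a value wins; otherwise the action default applies
// (assumed to be auth_admin here).
function decide(rules, actionId, subj, fallback = polkit.Result.AUTH_ADMIN) {
  for (const rule of rules) {
    const r = rule({ id: actionId }, subj);
    if (r !== undefined && r !== null) return r;
  }
  return fallback;
}

const alice = subject("alice", ["users", "wheel"]); // in wheel for an unrelated reason
const bob = subject("bob", ["users", "fudo"]);      // hypothetical dedicated group

const noauthWheel = [hostShellRule("wheel", polkit.Result.YES)];
const selfauthWheel = [hostShellRule("wheel", polkit.Result.AUTH_SELF)];
const noauthDedicated = [hostShellRule("fudo", polkit.Result.YES)];

// Overloading wheel: alice gets a host shell with no prompt at all.
console.log("noauth/wheel    alice:", decide(noauthWheel, ACTION, alice));
// Self-auth variant: alice must at least enter her own password.
console.log("selfauth/wheel  alice:", decide(selfauthWheel, ACTION, alice));
// Dedicated group: wheel membership alone no longer grants anything.
console.log("noauth/fudo     alice:", decide(noauthDedicated, ACTION, alice));
console.log("noauth/fudo     bob:  ", decide(noauthDedicated, ACTION, bob));
```
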