Bug 1194047 - enlightenment fails in rpmlint check in Backports:SLE-15-SP4 for armv7
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Other
Version: Leap 15.4
Hardware: armv7 Other
Priority: P5 - None
Severity: Normal
Assigned To: Security Team bot
Reported: 2021-12-23 13:56 UTC by Guillaume GARDET
Modified: 2022-07-15 02:18 UTC

Description Guillaume GARDET 2021-12-23 13:56:24 UTC
enlightenment fails in rpmlint check in Backports:SLE-15-SP4 for armv7 with:

enlightenment.armv7hl: E: permissions-file-setuid-bit (Badness: 10000) /usr/lib/enlightenment/utils/enlightenment_system is packaged with setuid/setgid bits (04755)

Other architectures are fine.

Full log:
https://build.opensuse.org/package/live_build_log/openSUSE:Backports:SLE-15-SP4/enlightenment/step/armv7l
Comment 1 Simon Lees 2021-12-30 04:24:25 UTC
Reassigning to the security team. It isn't an issue on other arches because enlightenment is in the whitelist; I guess it's missing from a whitelist in this case.
Comment 2 openQA Review 2022-01-14 00:00:54 UTC
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: otherDE_enlightenment
https://openqa.opensuse.org/tests/2129658

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The bugref in the openQA scenario is removed or replaced, e.g. `label:wontfix:boo1234`
Comment 3 Max Lin 2022-05-11 16:47:47 UTC
I took a quick look; we do have this in permissions:

# enlightenment privileged desktop operations (bsc#1169238)
/usr/lib64/enlightenment/utils/enlightenment_system     root:root  4755

According to the build log, this file is packaged to /usr/lib/enlightenment/utils/enlightenment_system (lib vs lib64); that is probably the reason why this package only fails to pass the permission check on armv7.
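
The lib vs lib64 mismatch described in comment 3, as an added example that is not part of the original thread and is not rpmlint's or the permissions package's own code. It assumes whitelist lines have three whitespace-separated fields as in the quoted entry; the function names and verdict strings are hypothetical.

```python
import re
import stat

# Constructed sample: the whitelist entry quoted in comment 3.
PERMISSIONS = """\
# enlightenment privileged desktop operations (bsc#1169238)
/usr/lib64/enlightenment/utils/enlightenment_system     root:root  4755
"""

def parse_permissions(text):
    """Parse 'path owner:group mode' lines into {path: (owner, group, mode)}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and anything that is not a 3-field entry.
        if len(fields) != 3 or fields[0].startswith("#"):
            continue
        owner, _, group = fields[1].partition(":")
        entries[fields[0]] = (owner, group, int(fields[2], 8))
    return entries

def other_libdir(path):
    """Return the same path under the sibling libdir (lib <-> lib64), or None."""
    m = re.match(r"^((?:/usr)?/)(lib64|lib)(/.*)$", path)
    if not m:
        return None
    swapped = "lib" if m.group(2) == "lib64" else "lib64"
    return m.group(1) + swapped + m.group(3)

def check_packaged(files, whitelist):
    """files: iterable of (path, st_mode). Returns (path, verdict) per setuid/setgid file."""
    findings = []
    for path, mode in files:
        if not mode & (stat.S_ISUID | stat.S_ISGID):
            continue  # only privileged bits need a whitelist entry
        entry = whitelist.get(path)
        if entry:
            verdict = "whitelisted" if entry[2] == stat.S_IMODE(mode) else "mode-mismatch"
        elif other_libdir(path) in whitelist:
            # Entry exists, but only for the other architecture's libdir.
            verdict = "libdir-mismatch:" + other_libdir(path)
        else:
            verdict = "not-whitelisted"
        findings.append((path, verdict))
    return findings

if __name__ == "__main__":
    # Constructed input: the armv7 path and mode from the rpmlint error above.
    armv7 = [("/usr/lib/enlightenment/utils/enlightenment_system", 0o104755)]
    print(check_packaged(armv7, parse_permissions(PERMISSIONS)))
```

A "libdir-mismatch" verdict separates a whitelist that only covers the 64-bit path from a setuid binary that was never reviewed at all, which is the distinction the reassignment to the security team hinges on.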
Comment 4 Guillaume GARDET 2022-06-01 09:15:25 UTC
As backport project is frozen in OBS, could we get it via update?
Comment 5 Max Lin 2022-06-01 11:37:34 UTC
(In reply to Guillaume GARDET from comment #4)
> As backport project is frozen in OBS, could we get it via update?

First we need a fixed permissions package added to SLE update, then rebuild enlightenment in Backports update afterward.
Comment 6 openQA Review 2022-06-16 00:05:57 UTC
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: otherDE_enlightenment
https://openqa.opensuse.org/tests/2417394#step/install_otherDE_pattern/1

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
Comment 7 openQA Review 2022-07-15 02:18:19 UTC
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: otherDE_enlightenment
https://openqa.opensuse.org/tests/2463213#step/install_otherDE_pattern/1

Expect the next reminder at the earliest in 56 days if nothing changes in this ticket.