Bug 1125434

Summary: PackageKit: removal of /usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules
Product: [openSUSE] openSUSE Tumbleweed Reporter: Matthias Gerstner <matthias.gerstner>
Component: SecurityAssignee: Jonathan Kang <songchuan.kang>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: matthias.gerstner, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1125314    

Description Matthias Gerstner 2019-02-14 11:12:46 UTC 
As described in bug 1125314 we want to remove polkit rules files that grant
members of the wheel group special privileges. PackageKit ships one such rules
file in /usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules.

This file is currently not effective anyways, because the polkit-default-privs
take precendence over it. I suggest to move this file to /usr/share/doc/...
as an example for users that want to manually enable this rule on their system.
Comment 1 Matthias Gerstner 2019-03-15 14:10:42 UTC 
A new rpmlint-check is effective in Factory by now that generates a warning
about files installed in rules.d without a whitelisting. In a while we will
make this an error. So please adjust your package accordingly to avoid a
broken build. Thank you.
Comment 4 Jonathan Kang 2019-04-02 10:29:09 UTC 
Closing this.

The fix has been accepted in GNOME:Factory[1], but not openSUSE:Factory yet.

*[1] https://build.opensuse.org/request/show/686867