[Bug 1645172] Review Request: firejail - Linux namespaces sandbox program

https://bugzilla.redhat.com/show_bug.cgi?id=1645172



--- Comment #17 from dan.cermak@xxxxxxxxxxxxxxxxxxx ---
(In reply to Jaroslav Škarvada from comment #16)
> (In reply to Ondrej Dubaj from comment #15)
> > It builds for me also. But using rpmlint I get these errors:
> > 
> > $ rpmlint RPMS/x86_64/firejail-0.9.56-3.fc28.x86_64.rpm
> > firejail.x86_64: E: setuid-binary /usr/bin/firejail root 4755
> > firejail.x86_64: E: non-standard-executable-perm /usr/bin/firejail 4755
> > 
> > I am not exactly sure if it will be better to remove the suid bit or to
> > ignore these errors.
> 
> This is a false positive (in this case).

While firejail itself would like to be setuid root, that could be a security
problem. See for instance this discussion on the SUSE Bugzilla:
https://bugzilla.suse.com/show_bug.cgi?id=1059013 . They have decided to drop
the suid root and instead create a Firejail group, to which each user must add
themselves (see SUSE's spec:
https://build.opensuse.org/package/view_file/Virtualization/firejail/firejail.spec?expand=1).

Maybe we could consider that option, too?

_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx