https://bugzilla.redhat.com/show_bug.cgi?id=2308448 --- Comment #25 from Ming Lei <minlei@xxxxxxxxxx> --- (In reply to Fabio Valentini from comment #24) > Thank you for the update, package looks good to me now. Thanks for the review! > > There's just two minor issues pointed out by rpmlint that need to be > clarified: > > > rublk.x86_64: W: unused-direct-shlib-dependency /usr/bin/rublk /lib64/libm.so.6 > > Not sure where this comes from? It should be from `libc` crate, which is used by rublk. Google shows this warning is very common. > > > rublk.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/rublk > > This one looks slightly concerning - is rublk supposed to be a SUID binary? > > Those have been getting phased out since Fedora 15 (!): > https://fedoraproject.org/wiki/Features/RemoveSETUID > > *If* the rublk executable is supposed to be a SUID binary, then it needs to > be marked as such in packaging with the correct attribute, otherwise the > SUID bit will not be set on the file. > > And independently, it looks like the setuid code isn't handled correctly > upstream, according to the rpmlint error. I think this one is a false positive since rublk does not call setuid/setgid. 'objdump -D's shows both setuid/setgid are called from daemonize crate symbols only, which is one Fedora package, and rublk binary needn't to change uid/gid. Any application built against rust-daemonize-devel should trigger such rpmlint warning if it is built as rpm, since I can see similar setuid/setgid pattern in the built daemonize hello-world binary. Thanks, -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2308448 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202308448%23c25 -- _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
