Package: libparted2
Version: 3.2-20
Severity: normal

http://oss.tresys.com/pipermail/refpolicy/2018-February/010476.html

The udisks2 access to /dev/mem is discussed on the SE Linux list at the above URL.

https://sources.debian.org/patches/parted/3.2-20/gptsync.patch/

It seems that the access is due to the above patch that was copied from an older version of dmidecode.

http://oss.tresys.com/pipermail/refpolicy/2018-February/010486.html

According to the above message newer versions of dmidecode use /sys/firmware/dmi/tables/DMI which seems like a better way of doing it.

Please change libparted2 to use code from a newer version of dmidecode so it doesn't need to access /dev/mem. Removing access to /dev/mem allows running with minimum privileges (access to /dev/mem means ultimate access to the system) and avoids potential reliability issues if there is an accidental read from a memory mapped device.

-- System Information:
Debian Release: buster/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages libparted2 depends on:
ii  libblkid1           2.30.2-0.3
ii  libc6               2.26-6
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libuuid1            2.30.2-0.3

libparted2 recommends no packages.

Versions of packages libparted2 suggests:
ii  libparted-dev   3.2-20
pn  libparted-i18n  <none>
ii  parted          3.2-20

-- no debconf information
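The sysfs approach requested in the report, as an added example (not code from parted, the gptsync patch or dmidecode): it walks an SMBIOS structure table in the layout exposed at /sys/firmware/dmi/tables/DMI and returns the System Information (type 1) manufacturer string, with bounds checks so a truncated table cannot cause an over-read. The function names, the constructed sample table and the choice of the manufacturer field are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample table (not real firmware data): type 0, type 1, type 127. */
static const uint8_t sample_table[] = {
    0, 5, 0, 0, 1, 'V','e','n','d','o','r',0, 0,
    1, 6, 1, 0, 1, 2, 'E','x','a','m','p','l','e',' ','I','n','c',0, 'B','o','x',0, 0,
    127, 4, 2, 0, 0, 0
};

/* Return 1-based string idx of structure s, or NULL if absent or unterminated. */
static const char *dmi_string(const uint8_t *s, const uint8_t *end, uint8_t idx) {
    const uint8_t *p = s + s[1];              /* s[1] = formatted area length */
    while (idx && p < end && *p) {
        const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
        if (!nul) return NULL;
        if (--idx == 0) return (const char *)p;
        p = nul + 1;
    }
    return NULL;
}

/* Walk the table; return the type 1 manufacturer string, or NULL if the
 * table has none or is malformed or truncated. Never reads past buf+len. */
const char *dmi_system_manufacturer(const uint8_t *buf, size_t len) {
    const uint8_t *p = buf, *end = buf + len;
    while (end - p >= 4) {
        uint8_t type = p[0], hlen = p[1];
        if (hlen < 4 || (size_t)(end - p) < hlen) return NULL;
        if (type == 1) return hlen > 4 ? dmi_string(p, end, p[4]) : NULL;
        if (type == 127) return NULL;         /* end-of-table marker */
        const uint8_t *q = p + hlen;          /* skip strings to the double NUL */
        while (end - q >= 2 && (q[0] || q[1])) q++;
        if (end - q < 2) return NULL;
        p = q + 2;
    }
    return NULL;
}

int main(void) {
    static uint8_t buf[65536];
    FILE *f = fopen("/sys/firmware/dmi/tables/DMI", "rb"); /* path from the report */
    size_t n = f ? fread(buf, 1, sizeof buf, f) : 0;
    if (f) fclose(f);
    const uint8_t *t = n ? buf : sample_table; /* fall back to the constructed sample */
    const char *m = dmi_system_manufacturer(t, n ? n : sizeof sample_table);
    printf("manufacturer: %s\n", m ? m : "(unknown)");
}
```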

