> > # zypp - allow opensuseupdater to do its job > > /usr/sbin/zypp-checkpatches-wrapper root:root 4755 > > > > > > Regards, > > > > Christian Boltz > what about a default apparmor wrap on opensuse updater?
It calls /usr/sbin/zypp-checkpatches-wrapper, which would need one and then it will be quiet difficult to confine this setuid root binary. In general... The reason the zypp-checkpatches-wrapper is setuid root is mostly for keeping potential privacy information in the configured repositories ... Think user/password pairs for FTP servers, or for SLE the deviceid/secret pairs. Also for not doing the download twice, but this could be done in a cron job. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
