From 57e1da276172a2dc0750e37c4c7be1127dd80dc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 29 May 2019 09:07:33 +0200
Subject: [PATCH] Teach rpmlint that no setgroups() call is fine

---
 quota.rpmlintrc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/quota.rpmlintrc b/quota.rpmlintrc
index 97fd8c5..d165974 100644
--- a/quota.rpmlintrc
+++ b/quota.rpmlintrc
@@ -1,3 +1,10 @@
 from Config import *
 addFilter("summary-not-capitalized C quota_nld");
 addFilter("spelling-error .* (cron|Gettext|netlink)");
+# We do not package any programs as SUID or SGID, thus the programs do not
+# change EUID of EGID. Also the programs do not edit a set of supplementary
+# groups before dropping the priviledges by calling setgid() and setuid().
+# Thus no foreign supplementary groups can leak into the priviledge-lowered
+# program. I.e. the priviledge-lowered program has the same supplementary
+# groups as the user that executed the high-priviledged program.
+addFilter("quota..*: E: missing-call-to-setgroups-before-setuid");