From 033373b3a99a6e023a5a3a4261b81d884052258c Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 18 Mar 2023 14:47:18 +0000
Subject: [PATCH] FHS: Allow some setuid binaries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/libpakfire/fhs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 6daf8258..ebd8f797 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -61,6 +61,11 @@ static const struct pakfire_fhs_check {
 	{ "/usr/bin/*",           S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 	{ "/usr/sbin/*",          S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+	// Permitted setuid binaries
+	{ "/usr/bin/passwd",      S_IFREG, 4755, "root", "root", 0 },
+	{ "/usr/bin/su",          S_IFREG, 4755, "root", "root", 0 },
+	{ "/usr/bin/sudo",        S_IFREG, 4755, "root", "root", 0 },
+
 	// Any files in /usr/{,s}bin must be owned by root and have 0755
 	{ "/usr/bin/*",           S_IFREG, 0755, "root", "root", 0 },
 	{ "/usr/sbin/*",          S_IFREG, 0755, "root", "root", 0 },
-- 
2.47.3