displaylink-driver-6.0.0-alt1.24.x86_64 10 fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /lib/systemd/system-sleep/displaylink.sh: $ grep /tmp/ /lib/systemd/system-sleep/displaylink.sh # Copyright (c) 2015 - 2019 DisplayLink (UK) Ltd. suspend_displaylink-driver() { #flush any bytes in pipe while read 1 SUSPEND_RESULT < /tmp/PmMessagesPort_out; do : ; done; #suspend DisplayLinkManager echo "S" > /tmp/PmMessagesPort_in if [ /tmp/PmMessagesPort_out ]; then #wait until suspend of DisplayLinkManager finish read 1 SUSPEND_RESULT < /tmp/PmMessagesPort_out fi } resume_displaylink-driver() { #resume DisplayLinkManager echo "R" > /tmp/PmMessagesPort_in } main_systemd() { case "\$1/\$2" in; displaylink-driver-6.0.0-alt1.24.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libevdi.so but just /usr/lib64/libevdi.so.1.14.4. According to SharedLibs Policy Draft, symlink /usr/lib64/libevdi.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libevdi.so to \%files of displaylink-driver-6.0.0-alt1.24.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; displaylink-driver-6.0.0-alt1.24.x86_64 systemd-but-no-native-init experimental The package have native systemd file(s) but no SysV init scripts.