Comment 6 for bug 1803958

Are you deploying zkey/zkey-cryptsetup with setuid bit on?
Do you allow calls to zkey/zkey-cryptesetup with sudoers?
Do you allow to elevate to root whilst executing zkey/zkey-cryptsetup with policykit?

as in opening it up to execute zkey/zkey-cryptsetup with escalated privileges by otherwise non-privileged users?

Cause by default, zkey/zkey-cryptsetup is shipped without setuid, and effectively is harmless when called by non-privileged users without an ability to escalate privileges (by setting/controlling PATH environment, or any other means).