rpms
/
fapolicyd
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c10-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

7 changed files with 156 additions and 298 deletions
Show Stats

4
.fapolicyd.metadata
Unescape View File

@ -1,3 +1,3 @@
f4fc52c6ec16cec13405d66752c0b222fff893e7 SOURCES/fapolicyd-1.3.2.tar.gz
e61573db3de4d229377eebff8252765058ad4ab9 SOURCES/fapolicyd-selinux-0.6.tar.gz
0c3e18b68cc92611ed45fe884229351eaebdf170 SOURCES/fapolicyd-1.3.3.tar.gz
ec91994fc4257a8d1a76e1c98eeccaf97ef4178f SOURCES/fapolicyd-selinux-0.7.tar.gz
fbafa356359ace80787ce6634d84425b40d90907 SOURCES/uthash-2.3.0.tar.gz

4
.gitignore vendored
Unescape View File

@ -1,3 +1,3 @@
SOURCES/fapolicyd-1.3.2.tar.gz
SOURCES/fapolicyd-selinux-0.6.tar.gz
SOURCES/fapolicyd-1.3.3.tar.gz
SOURCES/fapolicyd-selinux-0.7.tar.gz
SOURCES/uthash-2.3.0.tar.gz

78
SOURCES/fapolicyd-leaks.patch
Unescape View File

@ -1,78 +0,0 @@
From 248219377a034d7da9238e7424c97558395700e3 Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Tue, 18 Jul 2023 17:05:11 +0200
Subject: [PATCH] Fix multiple leaks
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
---
src/library/filter.c | 3 +++
src/library/policy.c | 13 +++++++++++--
src/library/rules.c | 3 ---
3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/library/filter.c b/src/library/filter.c
index d5d8cca..eb378ca 100644
--- a/src/library/filter.c
+++ b/src/library/filter.c
@@ -472,9 +472,12 @@ int filter_load_file(void)
msg(LOG_ERR, "filter_load_file: paring error line: %ld, \"%s\"", line_number, line);
filter_destroy_obj(filter);
free(line);
+ line = NULL;
goto bad;
}
+ }
+ if (line) {
free(line);
line = NULL;
}
diff --git a/src/library/policy.c b/src/library/policy.c
index 7fe1210..31ff6e2 100644
--- a/src/library/policy.c
+++ b/src/library/policy.c
@@ -23,6 +23,7 @@
* Radovan Sroka <rsroka@redhat.com>
*/
+#include "attr-sets.h"
#include "config.h"
#include <stdbool.h>
#include <stdio.h>
@@ -273,12 +274,20 @@ int load_rules(const conf_t *_config)
return 1;
FILE * f = open_file();
- if (f == NULL)
+ if (f == NULL) {
+ destroy_attr_sets();
return 1;
+ }
int res = _load_rules(_config, f);
fclose(f);
- return res;
+
+ if (res) {
+ destroy_attr_sets();
+ return 1;
+ }
+
+ return 0;
}
void destroy_rules(void)
diff --git a/src/library/rules.c b/src/library/rules.c
index 5ffa40e..4a8b098 100644
--- a/src/library/rules.c
+++ b/src/library/rules.c
@@ -65,9 +65,6 @@ int rules_create(llist *l)
l->cur = NULL;
l->cnt = 0;
- if (init_attr_sets())
- return 1;
-
return 0;
}

23
SOURCES/fapolicyd-selinux-links.patch
Unescape View File

@ -1,23 +0,0 @@
From 05780f9accae504440ffed0548bd3e4144cfb70e Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Wed, 19 Jul 2023 16:00:13 +0200
Subject: [PATCH] Allow links
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
---
fapolicyd.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fapolicyd-selinux-0.6/fapolicyd.te b/fapolicyd-selinux-0.6/fapolicyd.te
index daf31bd..5d6f9aa 100644
--- a/fapolicyd-selinux-0.6/fapolicyd.te
+++ b/fapolicyd-selinux-0.6/fapolicyd.te
@@ -53,6 +53,8 @@ ifdef(`fs_watch_all_fs',`
files_watch_sb_all_mountpoints(fapolicyd_t)
')
+allow fapolicyd_t file_type : lnk_file { getattr read };
+
manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)

16
SOURCES/fapolicyd-uthash-bundle.patch
Unescape View File

@ -1,10 +1,10 @@
diff -up ./configure.ac.uthash ./configure.ac
--- ./configure.ac.uthash 2023-06-15 16:45:13.000000000 +0200
+++ ./configure.ac 2023-06-16 14:32:53.112363230 +0200
@@ -96,10 +96,6 @@ AC_CHECK_HEADER(sys/fanotify.h, , [AC_MS
--- ./configure.ac.uthash 2022-09-27 16:34:59.000000000 +0200
+++ ./configure.ac 2022-09-29 11:57:26.297879027 +0200
@@ -162,10 +162,6 @@ AC_CHECK_HEADER(sys/fanotify.h, , [AC_MS
["Couldn't find sys/fanotify.h...your kernel might not be new enough"] )])
AC_CHECK_FUNCS(fexecve, [], [])
AC_CHECK_FUNCS([gettid])
-AC_CHECK_HEADER(uthash.h, , [AC_MSG_ERROR(
-["Couldn't find uthash.h...uthash-devel is missing"] )])
-
@ -13,8 +13,8 @@ diff -up ./configure.ac.uthash ./configure.ac
echo Checking for required libraries
AC_CHECK_LIB(udev, udev_device_get_devnode, , [AC_MSG_ERROR([libudev not found])], -ludev)
diff -up ./src/library/rpm-backend.c.uthash ./src/library/rpm-backend.c
--- ./src/library/rpm-backend.c.uthash 2023-06-16 14:32:53.112363230 +0200
+++ ./src/library/rpm-backend.c 2023-06-16 14:35:20.467338604 +0200
--- ./src/library/rpm-backend.c.uthash 2022-09-29 11:57:26.297879027 +0200
+++ ./src/library/rpm-backend.c 2022-09-29 11:58:45.470119807 +0200
@@ -33,7 +33,7 @@
#include <rpm/rpmpgp.h>
#include <fnmatch.h>
@ -25,8 +25,8 @@ diff -up ./src/library/rpm-backend.c.uthash ./src/library/rpm-backend.c
#include "message.h"
#include "gcc-attributes.h"
diff -up ./src/Makefile.am.uthash ./src/Makefile.am
--- ./src/Makefile.am.uthash 2023-06-15 16:45:13.000000000 +0200
+++ ./src/Makefile.am 2023-06-16 14:32:53.112363230 +0200
--- ./src/Makefile.am.uthash 2022-09-27 16:34:59.000000000 +0200
+++ ./src/Makefile.am 2022-09-29 11:57:26.297879027 +0200
@@ -5,6 +5,9 @@ AM_CPPFLAGS = \
-I${top_srcdir} \
-I${top_srcdir}/src/library

6
SOURCES/selinux.patch
Unescape View File

@ -1,6 +1,6 @@
diff -up ./fapolicyd-selinux-0.6/fapolicyd.te.fix ./fapolicyd-selinux-0.6/fapolicyd.te
--- ./fapolicyd-selinux-0.6/fapolicyd.te.fix 2023-06-15 17:11:47.964646794 +0200
+++ ./fapolicyd-selinux-0.6/fapolicyd.te 2023-06-15 17:13:10.426477653 +0200
diff -up ./fapolicyd-selinux-0.7/fapolicyd.te.fix ./fapolicyd-selinux-0.7/fapolicyd.te
--- ./fapolicyd-selinux-0.7/fapolicyd.te.fix 2023-06-15 17:11:47.964646794 +0200
+++ ./fapolicyd-selinux-0.7/fapolicyd.te 2023-06-15 17:13:10.426477653 +0200
@@ -50,6 +50,9 @@ ifdef(`watch_mount_dirs_pattern',`
ifdef(`fs_watch_all_fs',`

323
SPECS/fapolicyd.spec
Unescape View File

@ -1,12 +1,12 @@
%global selinuxtype targeted
%global moduletype contrib
%define semodule_version 0.6
%define semodule_version 0.7
Summary: Application Whitelisting Daemon
Name: fapolicyd
Version: 1.3.2
Release: 100%{?dist}
License: GPLv3+
Version: 1.3.3
Release: 101%{?dist}
License: GPL-3.0-or-later
URL: http://people.redhat.com/sgrubb/fapolicyd
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
@ -15,7 +15,7 @@ Source2: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/
BuildRequires: gcc
BuildRequires: kernel-headers
BuildRequires: autoconf automake make gcc libtool
BuildRequires: systemd-devel openssl-devel rpm-devel file-devel file
BuildRequires: systemd systemd-devel openssl-devel rpm-devel file-devel file
BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
BuildRequires: python3-devel
@ -23,17 +23,17 @@ BuildRequires: python3-devel
BuildRequires: uthash-devel
%endif
Requires: %{name}-plugin
Requires: rpm-plugin-fapolicyd
Recommends: %{name}-selinux
Requires(pre): shadow-utils
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Patch1: fapolicyd-uthash-bundle.patch
Patch2: selinux.patch
Patch3: fapolicyd-leaks.patch
Patch4: fapolicyd-selinux-links.patch
Patch1: selinux.patch
# RHEL-specific patches
Patch100: fapolicyd-uthash-bundle.patch
%description
Fapolicyd (File Access Policy Daemon) implements application whitelisting
@ -45,7 +45,8 @@ makes use of the kernel's fanotify interface to determine file access rights.
Summary: Fapolicyd selinux
Group: Applications/System
Requires: %{name} = %{version}-%{release}
BuildRequires: selinux-policy
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
BuildArch: noarch
%{?selinux_requires}
@ -60,25 +61,24 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon.
# selinux
%setup -q -D -T -a 1
%patch 1 -p1 -b .selinux
%if 0%{?rhel} != 0
# uthash
%setup -q -D -T -a 2
%patch -P 1 -p1 -b .uthash
%patch 100 -p1 -b .uthash
%endif
%patch -P 2 -p1 -b .selinux
%patch -P 3 -p1 -b .leaks
%patch -P 4 -p1 -b .links
# generate rules for python
sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
sed -i "s|%python3_path%|`readlink -f %{__python3}`|g" rules.d/*.rules
sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules
sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" rules.d/*.rules
# Detect run time linker directly from bash
interpret=`readelf -e /usr/bin/bash \
| grep Requesting \
| sed 's/.$//' \
| rev | cut -d" " -f1 \
| rev`
| grep Requesting \
| sed 's/.$//' \
| rev | cut -d" " -f1 \
| rev`
sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules
@ -90,7 +90,7 @@ cp INSTALL INSTALL.tmp
--with-rpm \
--disable-shared
make CFLAGS="%{optflags}" %{?_smp_mflags}
%make_build
# selinux
pushd %{name}-selinux-%{semodule_version}
@ -111,12 +111,7 @@ mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name}
mkdir -p %{buildroot}/run/%{name}
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/rules.d
# get list of file names between known-libs and restrictive from sample-rules/README-rules
cat %{buildroot}/%{_datadir}/%{name}/sample-rules/README-rules \
| grep -A 100 'known-libs' \
| grep -B 100 'restrictive' \
| grep '^[0-9]' > %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
chmod 644 %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
# selinux
install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
@ -127,49 +122,8 @@ install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_
#cleanup
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
%define manage_default_rules default_changed=0 \
# check changed fapolicyd.rules \
if [ -e %{_sysconfdir}/%{name}/%{name}.rules ]; then \
diff %{_sysconfdir}/%{name}/%{name}.rules %{_datadir}/%{name}/%{name}.rules.known-libs >/dev/null 2>&1 || { \
default_changed=1; \
#echo "change detected in fapolicyd.rules"; \
} \
fi \
if [ -e %{_sysconfdir}/%{name}/rules.d ]; then \
default_ruleset='' \
# get listing of default rule files in known-libs \
[ -e %{_datadir}/%{name}/default-ruleset.known-libs ] && default_ruleset=`cat %{_datadir}/%{name}/default-ruleset.known-libs` \
# check for removed or added files \
default_count=`echo "$default_ruleset" | wc -l` \
current_count=`ls -1 %{_sysconfdir}/%{name}/rules.d/*.rules | wc -l` \
[ $default_count -eq $current_count ] || { \
default_changed=1; \
#echo "change detected in number of rule files d:$default_count vs c:$current_count"; \
} \
for file in %{_sysconfdir}/%{name}/rules.d/*.rules; do \
if echo "$default_ruleset" | grep -q "`basename $file`"; then \
# compare content of the rule files \
diff $file %{_datadir}/%{name}/sample-rules/`basename $file` >/dev/null 2>&1 || { \
default_changed=1; \
#echo "change detected in `basename $file`"; \
} \
else \
# added file detected \
default_changed=1 \
#echo "change detected in added rules file `basename $file`"; \
fi \
done \
fi \
# remove files if no change against default rules detected \
[ $default_changed -eq 0 ] && rm -rf %{_sysconfdir}/%{name}/%{name}.rules %{_sysconfdir}/%{name}/rules.d/* || : \
%pre
getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name}
if [ $1 -eq 2 ]; then
# detect changed default rules in case of upgrade
%manage_default_rules
fi
%post
# if no pre-existing rule file
@ -178,27 +132,29 @@ if [ ! -e %{_sysconfdir}/%{name}/%{name}.rules ] ; then
# Only if no pre-existing component rules
if [ "$files" -eq 0 ] ; then
## Install the known libs policy
for rulesfile in `cat %{_datadir}/%{name}/default-ruleset.known-libs`; do
cp %{_datadir}/%{name}/sample-rules/$rulesfile %{_sysconfdir}/%{name}/rules.d/
done
cp %{_datadir}/%{name}/sample-rules/10-languages.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/20-dracut.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/21-updaters.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/30-patterns.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/40-bad-elf.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/41-shared-obj.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/42-trusted-elf.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/70-trusted-lang.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/72-shell.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/90-deny-execute.rules %{_sysconfdir}/%{name}/rules.d/
cp %{_datadir}/%{name}/sample-rules/95-allow-open.rules %{_sysconfdir}/%{name}/rules.d/
chgrp %{name} %{_sysconfdir}/%{name}/rules.d/*
if [ -x /usr/sbin/restorecon ] ; then
# restore correct label
/usr/sbin/restorecon -F %{_sysconfdir}/%{name}/rules.d/*
fi
fagenrules >/dev/null
fagenrules --load
fi
fi
%systemd_post %{name}.service
%preun
%systemd_preun %{name}.service
if [ $1 -eq 0 ]; then
# detect changed default rules in case of uninstall
%manage_default_rules
else
[ -e %{_sysconfdir}/%{name}/%{name}.rules ] && rm -rf %{_sysconfdir}/%{name}/rules.d/* || :
fi
%postun
%systemd_postun_with_restart %{name}.service
@ -209,15 +165,14 @@ fi
%license COPYING
%attr(755,root,%{name}) %dir %{_datadir}/%{name}
%attr(755,root,%{name}) %dir %{_datadir}/%{name}/sample-rules
%attr(644,root,%{name}) %{_datadir}/%{name}/default-ruleset.known-libs
%attr(644,root,%{name}) %{_datadir}/%{name}/sample-rules/*
%attr(644,root,%{name}) %{_datadir}/%{name}/fapolicyd-magic.mgc
%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d
%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/rules.d
%attr(644,root,root) %{_sysconfdir}/bash_completion.d/*
%ghost %verify(not md5 size mtime) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/rules.d/*
%ghost %verify(not md5 size mtime) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules
%ghost %{_sysconfdir}/%{name}/rules.d/*
%ghost %{_sysconfdir}/%{name}/%{name}.rules
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}-filter.conf
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust
@ -236,7 +191,6 @@ fi
%ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/data.mdb
%ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/lock.mdb
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
@ -255,110 +209,115 @@ fi
%selinux_relabel_post -s %{selinuxtype}
%changelog
* Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-100
RHEL 9.3.0 ERRATUM
- Rebase fapolicyd to the latest stable version
Resolves: RHEL-430
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-621
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-624
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-623
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-622
- Default q_size doesn't match manpage's one
Resolves: RHEL-627
- fapolicyd-cli --update then mount/umount twice causes fapolicyd daemon to block (state 'D')
Resolves: RHEL-817
- Fix broken backwards compatibility backend numbers
Resolves: RHEL-730
- SELinux prevents the fapolicyd from reading symlink (cert_t)
Resolves: RHEL-816
* Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-104
RHEL 9.2.0 ERRATUM
- statically linked app can execute untrusted app
Resolves: rhbz#2097077
- fapolicyd ineffective with systemd DynamicUser=yes
Resolves: rhbz#2136802
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2160517
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2160518
- fapolicyd: Introduce filtering of rpmdb
Resolves: RHEL-192
* Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-102
RHEL 9.1.0 ERRATUM
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100041
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2097385
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070655
- Introduce ppid rule attribute
Resolves: rhbz#2102558
- fapolicyd often breaks package updates
Resolves: rhbz#2111244
- drop libgcrypt in favour of openssl
Resolves: rhbz#2111938
- Remove dnf plugin
Resolves: rhbz#2113959
- fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
Resolves: rhbz#2115849
* Thu Jun 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-104
RHEL 9.1.0 ERRATUM
- CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
Resolves: rhbz#2069123
- Faulty handling of static applications
Resolves: rhbz#2096457
* Sun Apr 3 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-101
RHEL 9.1.0 ERRATUM
- fapolicyd denies access to /usr/lib64/ld-2.28.so
Resolves: rhbz#2067493
* Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-100
RHEL 9.0.0 ERRATUM
- rebase to 1.1
Resolves: rhbz#2032408
- introduce rules.d
Resolves: rhbz#2054740
- remove pretrans scriptlet
Resolve: rhbz#2051481
* Tue Dec 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-101
RHEL 9.0.0 ERRATUM
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.3.3-101
- Bump release for June 2024 mass rebuild
* Tue May 14 2024 Radovan Sroka <rsroka@redhat.com> - 1.3.3-100
RHEL 10.0.0 ERRATUM
- rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
Resolves: RHEL-36287
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.3-1
- rebase to fapolicyd v1.3.2
* Thu Jun 15 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.1-2
- rebase to fapolicyd v1.3.1 and selinux v0.6
* Tue Jun 13 2023 Radovan Sroka <rsroka@redhat.com> - 1.2-6
- migrated to SPDX license
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 1.2-5
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
* Fri Feb 10 2023 Radovan Sroka <rsroka@redhat.com> - 1.2-1
- rebase to v1.2
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 02 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.7-3
- rebuild for eln
* Mon Nov 28 2022 Florian Weimer <fweimer@redhat.com> - 1.1.7-2
- Avoid implicit declaration of rpmFreeCrypto
* Mon Nov 28 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.7.1
- rebase fapolicyd to v1.1.7 and fapolicyd-selinux to v0.5
* Thu Sep 29 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.5.2
- rebase to 1.1.5
* Wed Aug 31 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-4
- fix bash completition definition in spec
Resolves: rhbz#2123065
* Tue Aug 30 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-3
- rebuild with correct openssl and systemd dependency
* Thu Aug 18 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-1
- rebase to 1.1.4
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jun 22 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-1
- rebase to 1.1.3
- removal of dnf plugin
* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 1.1.2-2
- Rebuilt for Python 3.11
* Wed May 25 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.2-1
- rebase to v1.1.2
- fixed CVE-2022-1117
Resolves: rhbz#2089692
* Wed Mar 30 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.1-2
- rebase to v1.1.1
* Tue Feb 15 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-2
- old fapolicyd.rules needs to be ghost file
* Sun Jan 23 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1
- rebase to v1.1
- added rules.d folder
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 24 2021 Björn Esser <besser82@fedoraproject.org> - 1.0.4-2
- Rebuild(uthash)
* Fri Dec 10 2021 Radovan Sroka <rsoka@redhat.com> - 1.0.4-1
- rebase to 1.0.4
- added rpm_sha256_only option
- added trust.d directory
- allow file names with whitespaces in trust files
- use full paths in trust files
Resolves: rhbz#2032408
- fix libc.so getting identified as application/x-executable
Resolves: rhbz#2015307
- fix selinux DSP module definition in spec file
Resolves: rhbz#2014449
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.3-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jul 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-3
RHEL 9 BETA
- SELinux prevents fapolicyd from watch_mount/watch_with_perm on /dev/shm
Resolves: rhbz#1932225
Resolves: rhbz#1977731
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.3-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- enable trust.d folder
* Wed Sep 01 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-4
- selinux: use watch perm correctly
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.0.3-2
- Rebuilt for Python 3.10
* Thu Apr 01 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-1
- rebase to 1.0.3
- sync fedora with rhel
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.2-3
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save