Mon, 04 Mar 2024 04:08:01 UTC | login

Information for build fapolicyd-1.3.1-1.el8

ID34087
Package Namefapolicyd
Version1.3.1
Release1.el8
Epoch
Sourcegit+https://gitlab.com/redhat/centos-stream/rpms/fapolicyd.git#35ba89fea9d5a6a2de1479eecc4c61e6a6585f89
SummaryApplication Whitelisting Daemon
DescriptionFapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights.
Built byrsroka
State complete
Volume DEFAULT
StartedWed, 28 Jun 2023 20:52:57 UTC
CompletedWed, 28 Jun 2023 20:55:16 UTC
Taskbuild (c8s-candidate, /redhat/centos-stream/rpms/fapolicyd.git:35ba89fea9d5a6a2de1479eecc4c61e6a6585f89)
Extra{'custom_user_metadata': {'rhel-target': 'latest'}, 'source': {'original_url': 'git+https://gitlab.com/redhat/centos-stream/rpms/fapolicyd.git#35ba89fea9d5a6a2de1479eecc4c61e6a6585f89'}}
Tags
c8s-gate
c8s-pending
c8s-pending-signed
RPMs
src
fapolicyd-1.3.1-1.el8.src.rpm (info) (download)
aarch64
fapolicyd-1.3.1-1.el8.aarch64.rpm (info) (download)
fapolicyd-debuginfo-1.3.1-1.el8.aarch64.rpm (info) (download)
fapolicyd-debugsource-1.3.1-1.el8.aarch64.rpm (info) (download)
i686
fapolicyd-1.3.1-1.el8.i686.rpm (info) (download)
fapolicyd-debuginfo-1.3.1-1.el8.i686.rpm (info) (download)
fapolicyd-debugsource-1.3.1-1.el8.i686.rpm (info) (download)
noarch
fapolicyd-selinux-1.3.1-1.el8.noarch.rpm (info) (download)
ppc64le
fapolicyd-1.3.1-1.el8.ppc64le.rpm (info) (download)
fapolicyd-debuginfo-1.3.1-1.el8.ppc64le.rpm (info) (download)
fapolicyd-debugsource-1.3.1-1.el8.ppc64le.rpm (info) (download)
x86_64
fapolicyd-1.3.1-1.el8.x86_64.rpm (info) (download)
fapolicyd-debuginfo-1.3.1-1.el8.x86_64.rpm (info) (download)
fapolicyd-debugsource-1.3.1-1.el8.x86_64.rpm (info) (download)
Logs
aarch64
build.log
installed_pkgs.log
root.log
state.log
hw_info.log
mock_output.log
noarch_rpmdiff.json
ppc64le
state.log
build.log
root.log
installed_pkgs.log
hw_info.log
mock_output.log
noarch_rpmdiff.json
i686
state.log
root.log
installed_pkgs.log
build.log
hw_info.log
mock_output.log
noarch_rpmdiff.json
x86_64
state.log
build.log
installed_pkgs.log
root.log
hw_info.log
mock_output.log
noarch_rpmdiff.json
Changelog * Tue Jun 20 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.1-1 RHEL 8.9.0 ERRATUM - Rebase fapolicyd to the latest stable version Resolves: RHEL-519 - RFE: send rule number to fanotify so it gets audited Resolves: RHEL-628 - Default q_size doesn't match manpage's one Resolves: RHEL-629 - fapolicyd can leak FDs and never answer request, causing target process to hang forever Resolves: RHEL-632 - fapolicyd needs to make sure the FD limit is never reached Resolves: RHEL-631 - fapolicyd still allows execution of a program after "untrusting" it Resolves: RHEL-630 * Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-12 RHEL 8.8.0 ERRATUM - statically linked app can execute untrusted app Resolves: rhbz#2088349 - Starting manually fapolicyd while the service is already running breaks the system Resolves: rhbz#2103352 - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled Resolves: rhbz#2087040 - fapolicyd: Introduce filtering of rpmdb Resolves: rhbz#2165645 * Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8 RHEL 8.7.0 ERRATUM - rebase fapolicyd to the latest stable vesion Resolves: rhbz#2100087 - fapolicyd does not correctly handle SIGHUP Resolves: rhbz#2070639 - fapolicyd often breaks package updates Resolves: rhbz#2111243 - drop libgcrypt in favour of openssl Resolves: rhbz#2111935 - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works Resolves: rhbz#2103914 - fapolicyd gets way too easily killed by OOM killer Resolves: rhbz#2100089 - compiled.rules file ownership and mode Resolves: rhbz#2066653 - Faulty handling of static applications Resolves: rhbz#2084497 - Introduce ppid rule attribute Resolves: rhbz#2102563 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.7.0] Resolves: rhbz#2069121 - Fapolicyd denies access to /usr/lib64/ld-2.28.so [rhel-8.7.0] Resolves: rhbz#2068105 * Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1 RHEL 8.6.0 ERRATUM - rebase to 1.1 Resolves: rhbz#1939379 - introduce rules.d feature Resolves: rhbz#2054741 - remove pretrans scriptlet Resolves: rhbz#2051485 * Mon Dec 13 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-2 RHEL 8.6.0 ERRATUM - rebase to 1.0.4 - added rpm_sha256_only option - added trust.d directory - allow file names with whitespace in trust files - use full paths in trust files Resolves: rhbz#1939379 - fix libc.so getting identified as application/x-executable Resolves: rhbz#1989272 - fix fapolicyd-dnf-plugin reporting as '<invalid>' Resolves: rhbz#1997414 - fix selinux DSP module definition in spec file Resolves: rhbz#2014445 * Thu Aug 19 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-7 - fapolicyd abnormally exits by executing sosreport - fixed multiple problems with unlink() - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1943251 * Tue Feb 16 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-3 RHEL 8.4.0 ERRATUM - rebase to 1.0.2 - strong dependency on rpm/rpm-plugin-fapolicyd - installed dnf-plugin is dummy and we are not using it anymore - enabled integrity setting Resolves: rhbz#1887451 - added make check - Adding DISA STIG during OS installation causes 'ipa-server-install' to fail - fixed java detection Resolves: rhbz#1895435 - dnf update fails when fapolicyd is enabled Resolves: rhbz#1876975 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1896875 * Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3 RHEL 8.3 ERRATUM - fixed manpage fapolicyd-conf Resolves: rhbz#1817413 * Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-2 RHEL 8.3 ERRATUM - rebase to v1.0 - installed multiple policies to /usr/share/fapolicyd - known-libs (default) - restrictive - installed fapolicyd.trust file - enhanced fapolicyd-cli Resolves: rhbz#1817413 - introduced fapolicyd-selinux that provides SELinux policy module Resolves: rhbz#1714529 * Tue Mar 03 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-4 RHEL 8.2 ERRATUM - fixed possible heap buffer overflow in elf parser Resolves: rhbz#1807912 * Tue Feb 11 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-3 RHEL 8.2 ERRATUM - fixed build time python interpreter detection (spec) - added python2-devel as a BuildRequires (spec) - allow running bash scripts in home directories Resolves: rhbz#1801872 * Wed Nov 20 2019 Radovan Sroka <rsroka@redhat.com> - 0.9.1-2 RHEL 8.2 ERRATUM - rebase to v0.9.1 - updated default configuration with new syntax - removed daemon mounts configuration Resolves: rhbz#1759895 - default fapolicyd policy prevents Ansible from running - added ansible rule to default ruleset Resolves: rhbz#1746464 - suspicious logs on service start Resolves: rhbz#1747494 - fapolicyd blocks dracut from generating initramfs - added dracut rule to default configuration Resolves: rhbz#1757736 - fapolicyd fails to identify perl interpreter Resolves: rhbz#1765039 * Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-3 - added missing manpage for fapolicyd-cli Resolves: rhbz#1708015 * Mon Jul 22 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-2 - Convert hashes to lowercase like sha256sum outputs - Stop littering STDOUT output for dnf plugin in fapolicyd Resolves: rhbz#1721496 * Tue Jun 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-1 - new upstream release Resolves: rhbz#1673323 * Mon May 06 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.9-1 - New upstream release - imported from fedora30 resolves: rhbz#1673323 * Wed Mar 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-2 - backport some patches to resolve dac_override for fapolicyd * Mon Mar 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-1 - New upstream release - Added new DNF plugin that can update the trust database when rpms are installed - Added support for FAN_OPEN_EXEC_PERM * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Oct 03 2018 Steve Grubb <sgrubb@redhat.com> 0.8.7-1 - New upstream bugfix release * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 07 2018 Steve Grubb <sgrubb@redhat.com> 0.8.6-1 - New upstream feature release * Fri May 18 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-2 - Add dist tag (#1579362) * Fri Feb 16 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-1 - New release