Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

fapolicyd-1.3.2-1.el8 RPM for s390x

From AlmaLinux 8.10 AppStream for s390x

Name: fapolicyd Distribution: AlmaLinux
Version: 1.3.2 Vendor: AlmaLinux
Release: 1.el8 Build date: Sat Oct 14 23:08:12 2023
Group: Unspecified Build host: s390x-builder02.almalinux.org
Size: 362250 Source RPM: fapolicyd-1.3.2-1.el8.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: http://people.redhat.com/sgrubb/fapolicyd
Summary: Application Whitelisting Daemon
Fapolicyd (File Access Policy Daemon) implements application whitelisting
to decide file access rights. Applications that are known via a reputation
source are allowed access while unknown applications are not. The daemon
makes use of the kernel's fanotify interface to determine file access rights.

Provides

Requires

License

GPLv3+

Changelog

* Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-1
  RHEL 8.9.0 ERRATUM
  - Rebase fapolicyd to the latest stable version
  Resolves: RHEL-519
  - RFE: send rule number to fanotify so it gets audited
  Resolves: RHEL-628
  - Default q_size doesn't match manpage's one
  Resolves: RHEL-629
  - fapolicyd can leak FDs and never answer request, causing target process to hang forever
  Resolves: RHEL-632
  - fapolicyd needs to make sure the FD limit is never reached
  Resolves: RHEL-631
  - fapolicyd still allows execution of a program after "untrusting" it
  Resolves: RHEL-630
  - Fix broken backwards compatibility backend numbers
  Resolves: RHEL-731
  - fapolicyd can create RPM DB files /var/lib/rpm/__db.xxx with bad ownership causing AVCs to occur
  Resolves: RHEL-829
  - SELinux prevents the fapolicyd from reading symlink (cert_t)
  Resolves: RHEL-820
* Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-12
  RHEL 8.8.0 ERRATUM
  - statically linked app can execute untrusted app
  Resolves: rhbz#2088349
  - Starting manually fapolicyd while the service is already running breaks the system
  Resolves: rhbz#2103352
  - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
  Resolves: rhbz#2087040
  - fapolicyd: Introduce filtering of rpmdb
  Resolves: rhbz#2165645
* Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8
  RHEL 8.7.0 ERRATUM
  - rebase fapolicyd to the latest stable vesion
  Resolves: rhbz#2100087
  - fapolicyd does not correctly handle SIGHUP
  Resolves: rhbz#2070639
  - fapolicyd often breaks package updates
  Resolves: rhbz#2111243
  - drop libgcrypt in favour of openssl
  Resolves: rhbz#2111935
  - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
  Resolves: rhbz#2103914
  - fapolicyd gets way too easily killed by OOM killer
  Resolves: rhbz#2100089
  - compiled.rules file ownership and mode
  Resolves: rhbz#2066653
  - Faulty handling of static applications
  Resolves: rhbz#2084497
  - Introduce ppid rule attribute
  Resolves: rhbz#2102563
  - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.7.0]
  Resolves: rhbz#2069121
  - Fapolicyd denies access to /usr/lib64/ld-2.28.so [rhel-8.7.0]
  Resolves: rhbz#2068105
* Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1
  RHEL 8.6.0 ERRATUM
  - rebase to 1.1
  Resolves: rhbz#1939379
  - introduce rules.d feature
  Resolves: rhbz#2054741
  - remove pretrans scriptlet
  Resolves: rhbz#2051485
* Mon Dec 13 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-2
  RHEL 8.6.0 ERRATUM
  - rebase to 1.0.4
  - added rpm_sha256_only option
  - added trust.d directory
  - allow file names with whitespace in trust files
  - use full paths in trust files
  Resolves: rhbz#1939379
  - fix libc.so getting identified as application/x-executable
  Resolves: rhbz#1989272
  - fix fapolicyd-dnf-plugin reporting as '<invalid>'
  Resolves: rhbz#1997414
  - fix selinux DSP module definition in spec file
  Resolves: rhbz#2014445
* Thu Aug 19 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-7
  - fapolicyd abnormally exits by executing sosreport
  - fixed multiple problems with unlink()
  - fapolicyd breaks system upgrade, leaving system in dead state - complete fix
  Resolves: rhbz#1943251
* Tue Feb 16 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-3
  RHEL 8.4.0 ERRATUM
  - rebase to 1.0.2
  - strong dependency on rpm/rpm-plugin-fapolicyd
  - installed dnf-plugin is dummy and we are not using it anymore
  - enabled integrity setting
  Resolves: rhbz#1887451
  - added make check
  - Adding DISA STIG during OS installation causes 'ipa-server-install' to fail
  - fixed java detection
  Resolves: rhbz#1895435
  - dnf update fails when fapolicyd is enabled
  Resolves: rhbz#1876975
  - fapolicyd breaks system upgrade, leaving system in dead state - complete fix
  Resolves: rhbz#1896875
* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3
  RHEL 8.3 ERRATUM
  - fixed manpage fapolicyd-conf
  Resolves: rhbz#1817413
* Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-2
  RHEL 8.3 ERRATUM
  - rebase to v1.0
  - installed multiple policies to /usr/share/fapolicyd
    - known-libs (default)
    - restrictive
  - installed fapolicyd.trust file
  - enhanced fapolicyd-cli
  Resolves: rhbz#1817413
  - introduced fapolicyd-selinux that provides SELinux policy module
  Resolves: rhbz#1714529
* Tue Mar 03 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-4
  RHEL 8.2 ERRATUM
  - fixed possible heap buffer overflow in elf parser
  Resolves: rhbz#1807912
* Tue Feb 11 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-3
  RHEL 8.2 ERRATUM
  - fixed build time python interpreter detection (spec)
  - added python2-devel as a BuildRequires (spec)
  - allow running bash scripts in home directories
  Resolves: rhbz#1801872
* Wed Nov 20 2019 Radovan Sroka <rsroka@redhat.com> - 0.9.1-2
  RHEL 8.2 ERRATUM
  - rebase to v0.9.1
  - updated default configuration with new syntax
  - removed daemon mounts configuration
  Resolves: rhbz#1759895
  - default fapolicyd policy prevents Ansible from running
  - added ansible rule to default ruleset
  Resolves: rhbz#1746464
  - suspicious logs on service start
  Resolves: rhbz#1747494
  - fapolicyd blocks dracut from generating initramfs
  - added dracut rule to default configuration
  Resolves: rhbz#1757736
  - fapolicyd fails to identify perl interpreter
  Resolves: rhbz#1765039
* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-3
  - added missing manpage for fapolicyd-cli
  Resolves: rhbz#1708015
* Mon Jul 22 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-2
  - Convert hashes to lowercase like sha256sum outputs
  - Stop littering STDOUT output for dnf plugin in fapolicyd
  Resolves: rhbz#1721496
* Tue Jun 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-1
  - new upstream release
  Resolves: rhbz#1673323
* Mon May 06 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.9-1
  - New upstream release
  - imported from fedora30
    resolves: rhbz#1673323
* Wed Mar 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-2
  - backport some patches to resolve dac_override for fapolicyd
* Mon Mar 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-1
  - New upstream release
  - Added new DNF plugin that can update the trust database when rpms are installed
  - Added support for FAN_OPEN_EXEC_PERM
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.7-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Oct 03 2018 Steve Grubb <sgrubb@redhat.com> 0.8.7-1
  - New upstream bugfix release
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 07 2018 Steve Grubb <sgrubb@redhat.com> 0.8.6-1
  - New upstream feature release
* Fri May 18 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-2
  - Add dist tag (#1579362)
* Fri Feb 16 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-1
  - New release

Files

/etc/bash_completion.d/fapolicyd.bash_completion
/etc/fapolicyd
/etc/fapolicyd/compiled.rules
/etc/fapolicyd/fapolicyd-filter.conf
/etc/fapolicyd/fapolicyd.conf
/etc/fapolicyd/fapolicyd.rules
/etc/fapolicyd/fapolicyd.trust
/etc/fapolicyd/rules.d
/etc/fapolicyd/rules.d/*
/etc/fapolicyd/trust.d
/run/fapolicyd
/run/fapolicyd/fapolicyd.fifo
/usr/lib/.build-id
/usr/lib/.build-id/25
/usr/lib/.build-id/25/f371dc98b6c712d3c732f94a73c25680eb1c09
/usr/lib/.build-id/c4
/usr/lib/.build-id/c4/33f377509bfc8b1d1d5b7fc6c2756b16185887
/usr/lib/python3.6/site-packages/dnf-plugins/__pycache__/fapolicyd-dnf-plugin.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/dnf-plugins/__pycache__/fapolicyd-dnf-plugin.cpython-36.pyc
/usr/lib/python3.6/site-packages/dnf-plugins/fapolicyd-dnf-plugin.py
/usr/lib/systemd/system/fapolicyd.service
/usr/lib/tmpfiles.d/fapolicyd.conf
/usr/sbin/fagenrules
/usr/sbin/fapolicyd
/usr/sbin/fapolicyd-cli
/usr/share/doc/fapolicyd
/usr/share/doc/fapolicyd/README.md
/usr/share/fapolicyd
/usr/share/fapolicyd/default-ruleset.known-libs
/usr/share/fapolicyd/fapolicyd-magic.mgc
/usr/share/fapolicyd/sample-rules
/usr/share/fapolicyd/sample-rules/10-languages.rules
/usr/share/fapolicyd/sample-rules/20-dracut.rules
/usr/share/fapolicyd/sample-rules/21-updaters.rules
/usr/share/fapolicyd/sample-rules/30-patterns.rules
/usr/share/fapolicyd/sample-rules/40-bad-elf.rules
/usr/share/fapolicyd/sample-rules/41-shared-obj.rules
/usr/share/fapolicyd/sample-rules/42-trusted-elf.rules
/usr/share/fapolicyd/sample-rules/43-known-elf.rules
/usr/share/fapolicyd/sample-rules/70-trusted-lang.rules
/usr/share/fapolicyd/sample-rules/71-known-python.rules
/usr/share/fapolicyd/sample-rules/72-shell.rules
/usr/share/fapolicyd/sample-rules/73-known-perl.rules
/usr/share/fapolicyd/sample-rules/74-known-ocaml.rules
/usr/share/fapolicyd/sample-rules/75-known-php.rules
/usr/share/fapolicyd/sample-rules/76-known-ruby.rules
/usr/share/fapolicyd/sample-rules/77-known-lua.rules
/usr/share/fapolicyd/sample-rules/90-deny-execute.rules
/usr/share/fapolicyd/sample-rules/91-deny-lang.rules
/usr/share/fapolicyd/sample-rules/95-allow-open.rules
/usr/share/fapolicyd/sample-rules/README-rules
/usr/share/licenses/fapolicyd
/usr/share/licenses/fapolicyd/COPYING
/usr/share/man/man5/fapolicyd-filter.conf.5.gz
/usr/share/man/man5/fapolicyd.conf.5.gz
/usr/share/man/man5/fapolicyd.rules.5.gz
/usr/share/man/man5/fapolicyd.trust.5.gz
/usr/share/man/man5/rpm-filter.conf.5.gz
/usr/share/man/man8/fagenrules.8.gz
/usr/share/man/man8/fapolicyd-cli.8.gz
/usr/share/man/man8/fapolicyd.8.gz
/var/lib/fapolicyd
/var/lib/fapolicyd/data.mdb
/var/lib/fapolicyd/lock.mdb
/var/log/fapolicyd-access.log


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 13 08:13:28 2024