Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: fapolicyd | Distribution: AlmaLinux |
Version: 1.3.2 | Vendor: AlmaLinux |
Release: 1.el8 | Build date: Sat Oct 14 23:08:12 2023 |
Group: Unspecified | Build host: s390x-builder02.almalinux.org |
Size: 362250 | Source RPM: fapolicyd-1.3.2-1.el8.src.rpm |
Packager: AlmaLinux Packaging Team <packager@almalinux.org> | |
Url: http://people.redhat.com/sgrubb/fapolicyd | |
Summary: Application Whitelisting Daemon |
Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights.
GPLv3+
* Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-1 RHEL 8.9.0 ERRATUM - Rebase fapolicyd to the latest stable version Resolves: RHEL-519 - RFE: send rule number to fanotify so it gets audited Resolves: RHEL-628 - Default q_size doesn't match manpage's one Resolves: RHEL-629 - fapolicyd can leak FDs and never answer request, causing target process to hang forever Resolves: RHEL-632 - fapolicyd needs to make sure the FD limit is never reached Resolves: RHEL-631 - fapolicyd still allows execution of a program after "untrusting" it Resolves: RHEL-630 - Fix broken backwards compatibility backend numbers Resolves: RHEL-731 - fapolicyd can create RPM DB files /var/lib/rpm/__db.xxx with bad ownership causing AVCs to occur Resolves: RHEL-829 - SELinux prevents the fapolicyd from reading symlink (cert_t) Resolves: RHEL-820 * Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-12 RHEL 8.8.0 ERRATUM - statically linked app can execute untrusted app Resolves: rhbz#2088349 - Starting manually fapolicyd while the service is already running breaks the system Resolves: rhbz#2103352 - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled Resolves: rhbz#2087040 - fapolicyd: Introduce filtering of rpmdb Resolves: rhbz#2165645 * Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8 RHEL 8.7.0 ERRATUM - rebase fapolicyd to the latest stable vesion Resolves: rhbz#2100087 - fapolicyd does not correctly handle SIGHUP Resolves: rhbz#2070639 - fapolicyd often breaks package updates Resolves: rhbz#2111243 - drop libgcrypt in favour of openssl Resolves: rhbz#2111935 - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works Resolves: rhbz#2103914 - fapolicyd gets way too easily killed by OOM killer Resolves: rhbz#2100089 - compiled.rules file ownership and mode Resolves: rhbz#2066653 - Faulty handling of static applications Resolves: rhbz#2084497 - Introduce ppid rule attribute Resolves: rhbz#2102563 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.7.0] Resolves: rhbz#2069121 - Fapolicyd denies access to /usr/lib64/ld-2.28.so [rhel-8.7.0] Resolves: rhbz#2068105 * Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1 RHEL 8.6.0 ERRATUM - rebase to 1.1 Resolves: rhbz#1939379 - introduce rules.d feature Resolves: rhbz#2054741 - remove pretrans scriptlet Resolves: rhbz#2051485 * Mon Dec 13 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-2 RHEL 8.6.0 ERRATUM - rebase to 1.0.4 - added rpm_sha256_only option - added trust.d directory - allow file names with whitespace in trust files - use full paths in trust files Resolves: rhbz#1939379 - fix libc.so getting identified as application/x-executable Resolves: rhbz#1989272 - fix fapolicyd-dnf-plugin reporting as '<invalid>' Resolves: rhbz#1997414 - fix selinux DSP module definition in spec file Resolves: rhbz#2014445 * Thu Aug 19 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-7 - fapolicyd abnormally exits by executing sosreport - fixed multiple problems with unlink() - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1943251 * Tue Feb 16 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-3 RHEL 8.4.0 ERRATUM - rebase to 1.0.2 - strong dependency on rpm/rpm-plugin-fapolicyd - installed dnf-plugin is dummy and we are not using it anymore - enabled integrity setting Resolves: rhbz#1887451 - added make check - Adding DISA STIG during OS installation causes 'ipa-server-install' to fail - fixed java detection Resolves: rhbz#1895435 - dnf update fails when fapolicyd is enabled Resolves: rhbz#1876975 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1896875 * Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3 RHEL 8.3 ERRATUM - fixed manpage fapolicyd-conf Resolves: rhbz#1817413 * Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-2 RHEL 8.3 ERRATUM - rebase to v1.0 - installed multiple policies to /usr/share/fapolicyd - known-libs (default) - restrictive - installed fapolicyd.trust file - enhanced fapolicyd-cli Resolves: rhbz#1817413 - introduced fapolicyd-selinux that provides SELinux policy module Resolves: rhbz#1714529 * Tue Mar 03 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-4 RHEL 8.2 ERRATUM - fixed possible heap buffer overflow in elf parser Resolves: rhbz#1807912 * Tue Feb 11 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-3 RHEL 8.2 ERRATUM - fixed build time python interpreter detection (spec) - added python2-devel as a BuildRequires (spec) - allow running bash scripts in home directories Resolves: rhbz#1801872 * Wed Nov 20 2019 Radovan Sroka <rsroka@redhat.com> - 0.9.1-2 RHEL 8.2 ERRATUM - rebase to v0.9.1 - updated default configuration with new syntax - removed daemon mounts configuration Resolves: rhbz#1759895 - default fapolicyd policy prevents Ansible from running - added ansible rule to default ruleset Resolves: rhbz#1746464 - suspicious logs on service start Resolves: rhbz#1747494 - fapolicyd blocks dracut from generating initramfs - added dracut rule to default configuration Resolves: rhbz#1757736 - fapolicyd fails to identify perl interpreter Resolves: rhbz#1765039 * Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-3 - added missing manpage for fapolicyd-cli Resolves: rhbz#1708015 * Mon Jul 22 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-2 - Convert hashes to lowercase like sha256sum outputs - Stop littering STDOUT output for dnf plugin in fapolicyd Resolves: rhbz#1721496 * Tue Jun 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-1 - new upstream release Resolves: rhbz#1673323 * Mon May 06 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.9-1 - New upstream release - imported from fedora30 resolves: rhbz#1673323 * Wed Mar 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-2 - backport some patches to resolve dac_override for fapolicyd * Mon Mar 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-1 - New upstream release - Added new DNF plugin that can update the trust database when rpms are installed - Added support for FAN_OPEN_EXEC_PERM * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Oct 03 2018 Steve Grubb <sgrubb@redhat.com> 0.8.7-1 - New upstream bugfix release * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Jun 07 2018 Steve Grubb <sgrubb@redhat.com> 0.8.6-1 - New upstream feature release * Fri May 18 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-2 - Add dist tag (#1579362) * Fri Feb 16 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-1 - New release
/etc/bash_completion.d/fapolicyd.bash_completion /etc/fapolicyd /etc/fapolicyd/compiled.rules /etc/fapolicyd/fapolicyd-filter.conf /etc/fapolicyd/fapolicyd.conf /etc/fapolicyd/fapolicyd.rules /etc/fapolicyd/fapolicyd.trust /etc/fapolicyd/rules.d /etc/fapolicyd/rules.d/* /etc/fapolicyd/trust.d /run/fapolicyd /run/fapolicyd/fapolicyd.fifo /usr/lib/.build-id /usr/lib/.build-id/25 /usr/lib/.build-id/25/f371dc98b6c712d3c732f94a73c25680eb1c09 /usr/lib/.build-id/c4 /usr/lib/.build-id/c4/33f377509bfc8b1d1d5b7fc6c2756b16185887 /usr/lib/python3.6/site-packages/dnf-plugins/__pycache__/fapolicyd-dnf-plugin.cpython-36.opt-1.pyc /usr/lib/python3.6/site-packages/dnf-plugins/__pycache__/fapolicyd-dnf-plugin.cpython-36.pyc /usr/lib/python3.6/site-packages/dnf-plugins/fapolicyd-dnf-plugin.py /usr/lib/systemd/system/fapolicyd.service /usr/lib/tmpfiles.d/fapolicyd.conf /usr/sbin/fagenrules /usr/sbin/fapolicyd /usr/sbin/fapolicyd-cli /usr/share/doc/fapolicyd /usr/share/doc/fapolicyd/README.md /usr/share/fapolicyd /usr/share/fapolicyd/default-ruleset.known-libs /usr/share/fapolicyd/fapolicyd-magic.mgc /usr/share/fapolicyd/sample-rules /usr/share/fapolicyd/sample-rules/10-languages.rules /usr/share/fapolicyd/sample-rules/20-dracut.rules /usr/share/fapolicyd/sample-rules/21-updaters.rules /usr/share/fapolicyd/sample-rules/30-patterns.rules /usr/share/fapolicyd/sample-rules/40-bad-elf.rules /usr/share/fapolicyd/sample-rules/41-shared-obj.rules /usr/share/fapolicyd/sample-rules/42-trusted-elf.rules /usr/share/fapolicyd/sample-rules/43-known-elf.rules /usr/share/fapolicyd/sample-rules/70-trusted-lang.rules /usr/share/fapolicyd/sample-rules/71-known-python.rules /usr/share/fapolicyd/sample-rules/72-shell.rules /usr/share/fapolicyd/sample-rules/73-known-perl.rules /usr/share/fapolicyd/sample-rules/74-known-ocaml.rules /usr/share/fapolicyd/sample-rules/75-known-php.rules /usr/share/fapolicyd/sample-rules/76-known-ruby.rules /usr/share/fapolicyd/sample-rules/77-known-lua.rules /usr/share/fapolicyd/sample-rules/90-deny-execute.rules /usr/share/fapolicyd/sample-rules/91-deny-lang.rules /usr/share/fapolicyd/sample-rules/95-allow-open.rules /usr/share/fapolicyd/sample-rules/README-rules /usr/share/licenses/fapolicyd /usr/share/licenses/fapolicyd/COPYING /usr/share/man/man5/fapolicyd-filter.conf.5.gz /usr/share/man/man5/fapolicyd.conf.5.gz /usr/share/man/man5/fapolicyd.rules.5.gz /usr/share/man/man5/fapolicyd.trust.5.gz /usr/share/man/man5/rpm-filter.conf.5.gz /usr/share/man/man8/fagenrules.8.gz /usr/share/man/man8/fapolicyd-cli.8.gz /usr/share/man/man8/fapolicyd.8.gz /var/lib/fapolicyd /var/lib/fapolicyd/data.mdb /var/lib/fapolicyd/lock.mdb /var/log/fapolicyd-access.log
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 08:13:28 2024