Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: fapolicyd | Distribution: CentOS |
Version: 1.3.1 | Vendor: CentOS |
Release: 100.el9 | Build date: Wed Jun 28 22:51:44 2023 |
Group: Unspecified | Build host: s390-02.stream.rdu2.redhat.com |
Size: 304086 | Source RPM: fapolicyd-1.3.1-100.el9.src.rpm |
Packager: builder@centos.org | |
Url: http://people.redhat.com/sgrubb/fapolicyd | |
Summary: Application Whitelisting Daemon |
Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights.
GPLv3+
* Fri Jun 16 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.1-100 RHEL 9.3.0 ERRATUM - Rebase fapolicyd to the latest stable version Resolves: RHEL-430 - fapolicyd can leak FDs and never answer request, causing target process to hang forever Resolves: RHEL-621 - RFE: send rule number to fanotify so it gets audited Resolves: RHEL-624 - fapolicyd needs to make sure the FD limit is never reached Resolves: RHEL-623 - fapolicyd still allows execution of a program after "untrusting" it Resolves: RHEL-622 - Default q_size doesn't match manpage's one Resolves: TBD * Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-104 RHEL 9.2.0 ERRATUM - statically linked app can execute untrusted app Resolves: rhbz#2097077 - fapolicyd ineffective with systemd DynamicUser=yes Resolves: rhbz#2136802 - Starting manually fapolicyd while the service is already running breaks the system Resolves: rhbz#2160517 - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled Resolves: rhbz#2160518 - fapolicyd: Introduce filtering of rpmdb Resolves: RHEL-192 * Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-102 RHEL 9.1.0 ERRATUM - rebase fapolicyd to the latest stable vesion Resolves: rhbz#2100041 - fapolicyd gets way too easily killed by OOM killer Resolves: rhbz#2097385 - fapolicyd does not correctly handle SIGHUP Resolves: rhbz#2070655 - Introduce ppid rule attribute Resolves: rhbz#2102558 - fapolicyd often breaks package updates Resolves: rhbz#2111244 - drop libgcrypt in favour of openssl Resolves: rhbz#2111938 - Remove dnf plugin Resolves: rhbz#2113959 - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works Resolves: rhbz#2115849 * Thu Jun 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-104 RHEL 9.1.0 ERRATUM - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path Resolves: rhbz#2069123 - Faulty handling of static applications Resolves: rhbz#2096457 * Sun Apr 03 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-101 RHEL 9.1.0 ERRATUM - fapolicyd denies access to /usr/lib64/ld-2.28.so Resolves: rhbz#2067493 * Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-100 RHEL 9.0.0 ERRATUM - rebase to 1.1 Resolves: rhbz#2032408 - introduce rules.d Resolves: rhbz#2054740 - remove pretrans scriptlet Resolve: rhbz#2051481 * Tue Dec 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-101 RHEL 9.0.0 ERRATUM - rebase to 1.0.4 - added rpm_sha256_only option - added trust.d directory - allow file names with whitespaces in trust files - use full paths in trust files Resolves: rhbz#2032408 - fix libc.so getting identified as application/x-executable Resolves: rhbz#2015307 - fix selinux DSP module definition in spec file Resolves: rhbz#2014449 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.3-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jul 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-3 RHEL 9 BETA - SELinux prevents fapolicyd from watch_mount/watch_with_perm on /dev/shm Resolves: rhbz#1932225 Resolves: rhbz#1977731
/etc/bash_completion.d/fapolicyd.bash_completion /etc/fapolicyd /etc/fapolicyd/compiled.rules /etc/fapolicyd/fapolicyd-filter.conf /etc/fapolicyd/fapolicyd.conf /etc/fapolicyd/fapolicyd.rules /etc/fapolicyd/fapolicyd.trust /etc/fapolicyd/rules.d /etc/fapolicyd/rules.d/* /etc/fapolicyd/trust.d /run/fapolicyd /run/fapolicyd/fapolicyd.fifo /usr/lib/.build-id /usr/lib/.build-id/0c /usr/lib/.build-id/0c/82b0f883e7efc6208f92e609bdb51703bb9245 /usr/lib/.build-id/90 /usr/lib/.build-id/90/0cc12dbd63de9f2ac671be052f75eccb3368d3 /usr/lib/systemd/system/fapolicyd.service /usr/lib/tmpfiles.d/fapolicyd.conf /usr/sbin/fagenrules /usr/sbin/fapolicyd /usr/sbin/fapolicyd-cli /usr/share/doc/fapolicyd /usr/share/doc/fapolicyd/README.md /usr/share/fapolicyd /usr/share/fapolicyd/default-ruleset.known-libs /usr/share/fapolicyd/fapolicyd-magic.mgc /usr/share/fapolicyd/sample-rules /usr/share/fapolicyd/sample-rules/10-languages.rules /usr/share/fapolicyd/sample-rules/20-dracut.rules /usr/share/fapolicyd/sample-rules/21-updaters.rules /usr/share/fapolicyd/sample-rules/30-patterns.rules /usr/share/fapolicyd/sample-rules/40-bad-elf.rules /usr/share/fapolicyd/sample-rules/41-shared-obj.rules /usr/share/fapolicyd/sample-rules/42-trusted-elf.rules /usr/share/fapolicyd/sample-rules/43-known-elf.rules /usr/share/fapolicyd/sample-rules/70-trusted-lang.rules /usr/share/fapolicyd/sample-rules/71-known-python.rules /usr/share/fapolicyd/sample-rules/72-shell.rules /usr/share/fapolicyd/sample-rules/73-known-perl.rules /usr/share/fapolicyd/sample-rules/74-known-ocaml.rules /usr/share/fapolicyd/sample-rules/75-known-php.rules /usr/share/fapolicyd/sample-rules/76-known-ruby.rules /usr/share/fapolicyd/sample-rules/77-known-lua.rules /usr/share/fapolicyd/sample-rules/90-deny-execute.rules /usr/share/fapolicyd/sample-rules/91-deny-lang.rules /usr/share/fapolicyd/sample-rules/95-allow-open.rules /usr/share/fapolicyd/sample-rules/README-rules /usr/share/licenses/fapolicyd /usr/share/licenses/fapolicyd/COPYING /usr/share/man/man5/fapolicyd-filter.conf.5.gz /usr/share/man/man5/fapolicyd.conf.5.gz /usr/share/man/man5/fapolicyd.rules.5.gz /usr/share/man/man5/fapolicyd.trust.5.gz /usr/share/man/man5/rpm-filter.conf.5.gz /usr/share/man/man8/fagenrules.8.gz /usr/share/man/man8/fapolicyd-cli.8.gz /usr/share/man/man8/fapolicyd.8.gz /var/lib/fapolicyd /var/lib/fapolicyd/data.mdb /var/lib/fapolicyd/lock.mdb /var/log/fapolicyd-access.log
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 07:29:07 2024