New upstream release
Improved subject cache management, performance improvements, drop need for fapolicyd.mounts file - daemon detects filesystems to monitor, stop collecting documentation in the trust database, and handle long paths.
parent
70553de897
commit
32c7f28dc8
1
.gitignore
vendored
1
.gitignore
vendored
@ -4,3 +4,4 @@
|
||||
/fapolicyd-0.8.8.tar.gz
|
||||
/fapolicyd-0.8.9.tar.gz
|
||||
/fapolicyd-0.8.10.tar.gz
|
||||
/fapolicyd-0.9.tar.gz
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Application Whitelisting Daemon
|
||||
Name: fapolicyd
|
||||
Version: 0.8.10
|
||||
Release: 2%{?dist}
|
||||
Version: 0.9
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://people.redhat.com/sgrubb/fapolicyd
|
||||
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
|
||||
@ -15,7 +15,6 @@ Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
|
||||
Patch1: python.patch
|
||||
|
||||
%description
|
||||
Fapolicyd (File Access Policy Daemon) implements application whitelisting
|
||||
@ -27,8 +26,6 @@ makes use of the kernel's fanotify interface to determine file access rights.
|
||||
|
||||
%setup -q
|
||||
|
||||
%patch1 -p1 -b .python
|
||||
|
||||
sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules
|
||||
sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules
|
||||
|
||||
@ -63,7 +60,6 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam
|
||||
%license COPYING
|
||||
%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
|
||||
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules
|
||||
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.mounts
|
||||
%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf
|
||||
%attr(644,root,root) %{_unitdir}/%{name}.service
|
||||
%attr(644,root,root) %{_tmpfilesdir}/%{name}.conf
|
||||
@ -71,6 +67,7 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam
|
||||
%attr(755,root,root) %{_sbindir}/%{name}-cli
|
||||
%attr(644,root,root) %{_mandir}/man8/*
|
||||
%attr(644,root,root) %{_mandir}/man5/*
|
||||
%attr(644,root,root) %{_mandir}/man1/*
|
||||
%ghost %{_localstatedir}/log/%{name}-access.log
|
||||
%attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name}
|
||||
%attr(770,root,%{name}) %dir /run/%{name}
|
||||
@ -81,6 +78,9 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam
|
||||
%{python3_sitelib}/dnf-plugins/__pycache__/%{name}-dnf-plugin.*.pyc
|
||||
|
||||
%changelog
|
||||
* Mon Oct 07 2019 Radovan Sroka <rsroka@redhat.com> - 0.9-1
|
||||
- rebase to v0.9
|
||||
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.8.10-2
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
|
||||
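Review bot: The two `sed` substitutions of `%python2_path%` and `%python3_path%` in `%prep` are kept while `Patch1: python.patch` and `%patch1` are dropped, and that patch is what put those placeholders into `init/fapolicyd.rules`. The substitutions therefore rely on the 0.9 tarball already shipping the placeholders, which cannot be confirmed from this page. `sed` exits successfully when nothing matches, so if upstream still hard-codes an interpreter path, the build would pass and ship allow rules that do not match the system Python. That includes the `comm=dnf` exception, which the rules file says exists to avoid a deadlock. A guard before the substitutions, such as `grep -q '%python3_path%' init/%{name}.rules || exit 1` (and the same for `%python2_path%`), would make the build fail instead of silently packaging a stale policy.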
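--- a/python.patch
+++ b/python.patch
@@ -1,32 +0,0 @@
-diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules
---- ./init/fapolicyd.rules.fix 2019-08-30 12:59:02.997181607 +0200
-+++ ./init/fapolicyd.rules 2019-08-30 13:00:21.639034651 +0200
-@@ -11,7 +11,7 @@ deny_audit pattern=ld_so all
-# We have to carve out an exception for the system updaters
-# or things go very bad (deadlock).
-allow exe=/usr/bin/rpm all
--allow exe=/usr/bin/python3.6 comm=dnf all
-+allow exe=%python3_path% comm=dnf all
-
-# Don't allow untrusted executables
-deny_audit exe_dir=execdirs exe=untrusted all
-@@ -31,10 +31,10 @@ deny_audit all ftype=application/x-share
-# Only allow system python executables and libs
-# File type by: file --mime-type /path-to-file
-allow all dir=execdirs ftype=text/x-python
--allow exe=/usr/bin/python3.6 dir=execdirs ftype=text/x-python
--allow exe=/usr/bin/python3.6 dir=execdirs ftype=application/octet-stream
--allow exe=/usr/bin/python2.7 dir=execdirs ftype=text/x-python
--allow exe=/usr/bin/python2.7 dir=execdirs ftype=application/octet-stream
-+allow exe=%python3_path% dir=execdirs ftype=text/x-python
-+allow exe=%python3_path% dir=execdirs ftype=application/octet-stream
-+allow exe=%python2_path% dir=execdirs ftype=text/x-python
-+allow exe=%python2_path% dir=execdirs ftype=application/octet-stream
-deny_audit all ftype=text/x-python
-#deny_audit all ftype=application/octet-stream path=*.pyc
-
-@@ -72,4 +72,3 @@ deny_audit exe=/usr/bin/ruby all
-
-# Allow everything else
-allow all all
--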
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (fapolicyd-0.8.10.tar.gz) = 7a316a1e4ccb6b4f09c37cb33a3dd309c16bdb47a936b3610204851024ef45a896538fd0f5d8322cb4903c7cb375caa4072d801f702b5265833944cc51a58945
|
||||
SHA512 (fapolicyd-0.9.tar.gz) = 9a7fc929730403cf1430051e8f2c34568f43e38119f2bb09393886f7d8880354941f70cca34a2da2ca5ad9d65bd1e4854037a0deb9d7b0656f841b33019e2146
|
||||
|
||||