Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/fapolicyd.git#183a7e15ec6b1052a7ea3c3036840c7578e6776b
parent
267a5f545a
commit
725d3a69e0
3
.gitignore
vendored
@ -14,3 +14,6 @@
|
||||
/fapolicyd-selinux-0.3.tar.gz
|
||||
/fapolicyd-1.0.1.tar.gz
|
||||
/fapolicyd-1.0.2.tar.gz
|
||||
/fapolicyd-selinux-0.4.tar.gz
|
||||
/uthash-2.3.0.tar.gz
|
||||
/fapolicyd-1.0.3.tar.gz
|
||||
|
@ -1,40 +0,0 @@
|
||||
diff -up ./init/fapolicyd-magic.magic-override ./init/fapolicyd-magic
|
||||
--- ./init/fapolicyd-magic.magic-override 2020-11-16 20:16:10.764346043 +0100
|
||||
+++ ./init/fapolicyd-magic 2020-11-16 20:18:30.354528379 +0100
|
||||
@@ -1,9 +1,17 @@
|
||||
0 string/w #!\ /usr/bin/bash Bourne-Again shell script text executable
|
||||
!:mime text/x-shellscript
|
||||
|
||||
+0 search/1/w #!\ /usr/bin/env\ bash Bourne-Again shell script text executable
|
||||
+!:strength + 15
|
||||
+!:mime text/x-shellscript
|
||||
+
|
||||
0 string/w #!\ /usr/bin/sh Shell script text executable
|
||||
!:mime text/x-shellscript
|
||||
|
||||
+0 search/1/w #!\ /usr/bin/env\ bash Bourne-Again shell script text executable
|
||||
+!:strength + 15
|
||||
+!:mime text/x-shellscript
|
||||
+
|
||||
0 string/wt #!\ /bin/rc Plan 9 shell script text executable
|
||||
!:mime text/x-plan9-shellscript
|
||||
|
||||
@@ -47,10 +55,18 @@
|
||||
!:strength + 15
|
||||
!:mime text/x-python
|
||||
|
||||
+0 search/1/w #!\ /usr/bin/env\ python3 Python script text executable
|
||||
+!:strength + 15
|
||||
+!:mime text/x-python
|
||||
+
|
||||
0 search/1/wt #!\ /usr/bin/python2 Python script text executable
|
||||
!:strength + 15
|
||||
!:mime text/x-python
|
||||
|
||||
+0 search/1/w #!\ /usr/bin/env\ python2 Python script text executable
|
||||
+!:strength + 15
|
||||
+!:mime text/x-python
|
||||
+
|
||||
0 search/1/wt #!\ /usr/bin/python Python script text executable
|
||||
!:strength + 15
|
||||
!:mime text/x-python
|
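--- a/fapolicyd-uthash-bundle.patch
+++ b/fapolicyd-uthash-bundle.patch
@@ -0,0 +1,39 @@
+diff -up ./configure.ac.uthash ./configure.ac
+--- ./configure.ac.uthash 2021-03-25 22:12:48.164450403 +0100
++++ ./configure.ac 2021-03-25 22:13:01.067282788 +0100
+@@ -67,10 +67,6 @@ AC_CHECK_HEADER(sys/fanotify.h, , [AC_MS
+["Couldn't find sys/fanotify.h...your kernel might not be new enough"] )])
+AC_CHECK_FUNCS(fexecve, [], [])
+
+-AC_CHECK_HEADER(uthash.h, , [AC_MSG_ERROR(
+-["Couldn't find uthash.h...uthash-devel is missing"] )])
+-
+-
+echo .
+echo Checking for required libraries
+AC_CHECK_LIB(udev, udev_device_get_devnode, , [AC_MSG_ERROR([libudev not found])], -ludev)
+diff -up ./src/library/rpm-backend.c.uthash ./src/library/rpm-backend.c
+--- ./src/library/rpm-backend.c.uthash 2021-01-05 16:27:53.000000000 +0100
++++ ./src/library/rpm-backend.c 2021-03-25 22:12:33.212644641 +0100
+@@ -32,7 +32,7 @@
+#include <rpm/rpmdb.h>
+#include <fnmatch.h>
+
+-#include <uthash.h>
++#include "uthash.h"
+
+#include "message.h"
+
+diff -up ./src/Makefile.am.uthash ./src/Makefile.am
+--- ./src/Makefile.am.uthash 2021-01-05 16:27:53.000000000 +0100
++++ ./src/Makefile.am 2021-03-25 22:12:33.212644641 +0100
+@@ -5,6 +5,9 @@ AM_CPPFLAGS = \
+-I${top_srcdir} \
+-I${top_srcdir}/src/library
+
++AM_CPPFLAGS += \
++ -I${top_srcdir}/uthash-2.3.0/include
++
+sbin_PROGRAMS = fapolicyd fapolicyd-cli
+lib_LTLIBRARIES= libfapolicyd.la
+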
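Review bot: The include path added to `src/Makefile.am` hard-codes the bundled version (`-I${top_srcdir}/uthash-2.3.0/include`), so it has to be edited by hand together with `Source2` on every uthash update. Because the `AC_CHECK_HEADER(uthash.h, ...)` test is deleted from `configure.ac` rather than pointed at the bundled directory, a mismatch would presumably surface only as a compile error in `rpm-backend.c`; keeping the check with the bundled include path would fail earlier and with a clearer message. For tracking the embedded copy, the spec hunks shown on this page add `Source2` but no `Provides: bundled(uthash) = 2.3.0`; if that is not declared in a part of the spec outside these hunks, it should be added so the bundled library is visible to vulnerability tracking.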
@ -1,22 +1,28 @@
|
||||
%global selinuxtype targeted
|
||||
%global moduletype contrib
|
||||
%define semodule_version 0.3
|
||||
%define semodule_version 0.4
|
||||
|
||||
Summary: Application Whitelisting Daemon
|
||||
Name: fapolicyd
|
||||
Version: 1.0.2
|
||||
Release: 2%{?dist}
|
||||
Version: 1.0.3
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://people.redhat.com/sgrubb/fapolicyd
|
||||
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
|
||||
Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
|
||||
# we bundle uthash for rhel9
|
||||
Source2: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/uthash-2.3.0.tar.gz
|
||||
BuildRequires: gcc
|
||||
BuildRequires: kernel-headers
|
||||
BuildRequires: autoconf automake make gcc libtool
|
||||
BuildRequires: systemd-devel libgcrypt-devel rpm-devel file-devel file
|
||||
BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
|
||||
BuildRequires: python3-devel
|
||||
|
||||
%if 0%{?rhel} == 0
|
||||
BuildRequires: uthash-devel
|
||||
%endif
|
||||
|
||||
Requires: %{name}-plugin
|
||||
Recommends: %{name}-selinux
|
||||
Requires(pre): shadow-utils
|
||||
@ -24,8 +30,7 @@ Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
|
||||
Patch1: fapolicyd-magic-override.patch
|
||||
Patch2: selinux.patch
|
||||
Patch1: fapolicyd-uthash-bundle.patch
|
||||
|
||||
%description
|
||||
Fapolicyd (File Access Policy Daemon) implements application whitelisting
|
||||
@ -65,17 +70,18 @@ Don't use dnf and rpm plugin together.
|
||||
# selinux
|
||||
%setup -q -D -T -a 1
|
||||
|
||||
%patch1 -p1 -b .magic-override
|
||||
%patch2 -p1 -b .selinux
|
||||
%if 0%{?rhel} != 0
|
||||
# uthash
|
||||
%setup -q -D -T -a 2
|
||||
%patch1 -p1 -b .uthash
|
||||
%endif
|
||||
|
||||
sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.*
|
||||
sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.*
|
||||
sed -i "s/%ld_so_path%/`find /usr/lib64/ -type f -name 'ld-2\.*.so' | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.*
|
||||
|
||||
%build
|
||||
|
||||
./autogen.sh
|
||||
|
||||
%configure \
|
||||
--with-audit \
|
||||
--with-rpm \
|
||||
@ -116,6 +122,28 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
|
||||
%pre
|
||||
getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name}
|
||||
|
||||
%pretrans -p <lua>
|
||||
if posix.access("/run/fapolicyd.pid", "f") then
|
||||
os.execute([[
|
||||
c=/etc/fapolicyd/fapolicyd.rules
|
||||
rule="allow perm=any uid=0 : all"
|
||||
|
||||
if test -e $c; then
|
||||
if systemctl is-active fapolicyd &> /dev/null; then
|
||||
tmp=`mktemp`
|
||||
cat $c > $tmp
|
||||
echo "$rule" > $c
|
||||
cat $tmp >> $c
|
||||
systemctl restart fapolicyd || true
|
||||
sleep 10
|
||||
cat $tmp > $c
|
||||
rm -f $tmp
|
||||
fi
|
||||
fi
|
||||
]])
|
||||
end
|
||||
|
||||
|
||||
%post
|
||||
%systemd_post %{name}.service
|
||||
|
||||
@ -157,6 +185,7 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%postun selinux
|
||||
if [ $1 -eq 0 ]; then
|
||||
@ -172,6 +201,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 01 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-1
|
||||
- rebase to 1.0.3
|
||||
- sync fedora with rhel
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
|
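Review bot: The `%pretrans` scriptlet never checks that `mktemp` succeeded and leaves `$tmp` and `$c` unquoted, so with an empty `$tmp` the backup `cat $c > $tmp` fails while `echo "$rule" > $c` and the final `cat $tmp > $c` still run, which would leave `/etc/fapolicyd/fapolicyd.rules` without the administrator's rules. The file also holds `allow perm=any uid=0 : all` as its first rule for the whole `sleep 10`, and nothing restores it if the shell is killed in that window, so an interrupted transaction can leave the on-disk policy permitting everything for uid 0. I would bail out before touching the rules with `tmp=$(mktemp) || exit 0`, quote every expansion, and restore from an exit trap such as `trap 'cat "$tmp" > "$c"; rm -f "$tmp"' EXIT`. A spec comment above the scriptlet stating why root is temporarily allowed everything (presumably so the running daemon does not block the package transaction) and that the rule must never persist would help the next maintainer.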
@ -1,15 +0,0 @@
|
||||
diff -up ./fapolicyd-selinux-0.3/fapolicyd.te.selinux ./fapolicyd-selinux-0.3/fapolicyd.te
|
||||
--- ./fapolicyd-selinux-0.3/fapolicyd.te.selinux 2020-11-16 20:26:57.777902314 +0100
|
||||
+++ ./fapolicyd-selinux-0.3/fapolicyd.te 2020-11-16 20:28:17.659857140 +0100
|
||||
@@ -64,7 +64,10 @@ files_read_all_files(fapolicyd_t)
|
||||
fs_getattr_xattr_fs(fapolicyd_t)
|
||||
|
||||
logging_send_syslog_msg(fapolicyd_t)
|
||||
+dbus_system_bus_client(fapolicyd_t)
|
||||
|
||||
optional_policy(`
|
||||
- rpm_read_db(fapolicyd_t)
|
||||
+ rpm_read_db(fapolicyd_t)
|
||||
+ allow fapolicyd_t rpm_var_lib_t:file { create };
|
||||
+ allow fapolicyd_t rpm_var_lib_t:dir { add_name write };
|
||||
')
|
5
sources
@ -1,2 +1,3 @@
|
||||
SHA512 (fapolicyd-1.0.2.tar.gz) = 02f9a1681a948eefd856ca7e09c8dd06c5c1f0004e5f1c6d1513f79c1cb5d6bd31fa118a147ef9244b2146a3da1f525a4a329a37c969ce175a221e05d198bd1a
|
||||
SHA512 (fapolicyd-selinux-0.3.tar.gz) = 29895ee587294a275b3dbc712f915466758a3aabf7a692ed410ff91ae5d7dea936c231cde6aca5adf4edb9d9160450b65317ca9d1d6e76d687066d17d18495cd
|
||||
SHA512 (fapolicyd-1.0.3.tar.gz) = 5ec48d6c3ab6312c3ad4cc23e04fe03c5288baee9ee796ae944a539b082176f9fe03ad04edb8442af194d224b888e81addc5f84d4c1a368618a2a590a17c16a1
|
||||
SHA512 (fapolicyd-selinux-0.4.tar.gz) = afc74b9c55c71bec2039d112e8e16abc510b58bf794bd665f3128a63daa45572a6f18d1c4de1f63e45a01f8696aacfbf54ed2a07485d581f25446b7fe92307a2
|
||||
SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294
|
||||
|