rpms/fapolicyd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import fapolicyd-1.1-6.el8_6.1

Browse Source
This commit is contained in:
CentOS Sources 2022-08-02 03:08:07 -04:00 committed by root
parent 700d89d3a8
commit ed18d15e02
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
SOURCES/fapolicyd-1.1.1-static.patch Normal file
View File

@ -0,0 +1,19 @@
diff -urp fapolicyd-1.1.1.orig/src/library/event.c fapolicyd-1.1.1/src/library/event.c
--- fapolicyd-1.1.1.orig/src/library/event.c 2022-01-28 15:23:58.000000000 -0500
+++ fapolicyd-1.1.1/src/library/event.c 2022-01-30 20:11:05.516785465 -0500
@@ -140,7 +140,14 @@ int new_event(const struct fanotify_even
// We need to reset everything now that execve has finished
if (s->info->state == STATE_STATIC_PARTIAL && !rc) {
- s->info->state = STATE_STATIC;
+ // If the static app itself launches an app right
+ // away, go back to collecting.
+ if (e->type & FAN_OPEN_EXEC_PERM)
+ s->info->state = STATE_COLLECTING;
+ else {
+ s->info->state = STATE_STATIC;
+ skip_path = 1;
+ }
evict = 0;
skip_path = 1;
subject_reset(s, EXE);

11
SPECS/fapolicyd.spec
View File

@ -6,7 +6,7 @@
Summary: Application Whitelisting Daemon Summary: Application Whitelisting Daemon
Name: fapolicyd Name: fapolicyd
Version: 1.1 Version: 1.1
Release: 6%{?dist} Release: 6%{?dist}.1
License: GPLv3+ License: GPLv3+
URL: http://people.redhat.com/sgrubb/fapolicyd URL: http://people.redhat.com/sgrubb/fapolicyd
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
@ -36,6 +36,8 @@ Patch3: fapolicyd-reorder-rules.patch
Patch4: fagenrules-group.patch Patch4: fagenrules-group.patch
# 2069120 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.6.0] # 2069120 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.6.0]
Patch5: fapolicyd-1.1.1-ld_so.patch Patch5: fapolicyd-1.1.1-ld_so.patch
# 2084548 - Faulty handling of static applications [rhel-8.6.0.z]
Patch6: fapolicyd-1.1.1-static.patch
%description %description
Fapolicyd (File Access Policy Daemon) implements application whitelisting Fapolicyd (File Access Policy Daemon) implements application whitelisting
@ -67,6 +69,7 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon.
%patch3 -p1 -b .rules %patch3 -p1 -b .rules
%patch4 -p1 -b .group %patch4 -p1 -b .group
%patch5 -p1 -b .ld_so %patch5 -p1 -b .ld_so
%patch6 -p1 -b .static
# generate rules for python # generate rules for python
sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
@ -255,7 +258,13 @@ fi
%selinux_relabel_post -s %{selinuxtype} %selinux_relabel_post -s %{selinuxtype}
%changelog %changelog
* Thu May 12 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-6.1
RHEL 8.6.Z ERRATUM
- Faulty handling of static applications
Resolves: rhbz#2084548
* Wed Apr 06 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-6 * Wed Apr 06 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-6
RHEL 8.6.0 ERRATUM
- CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
Resolves: rhbz#2069120 Resolves: rhbz#2069120