import fapolicyd-1.1-6.el8_6.1
This commit is contained in:
CentOS Sources
root
parent
700d89d3a8
commit
ed18d15e02
19
SOURCES/fapolicyd-1.1.1-static.patch
Normal file
19
SOURCES/fapolicyd-1.1.1-static.patch
Normal file
@ -0,0 +1,19 @@
|
||||
diff -urp fapolicyd-1.1.1.orig/src/library/event.c fapolicyd-1.1.1/src/library/event.c
|
||||
--- fapolicyd-1.1.1.orig/src/library/event.c 2022-01-28 15:23:58.000000000 -0500
|
||||
+++ fapolicyd-1.1.1/src/library/event.c 2022-01-30 20:11:05.516785465 -0500
|
||||
@@ -140,7 +140,14 @@ int new_event(const struct fanotify_even
|
||||
|
||||
// We need to reset everything now that execve has finished
|
||||
if (s->info->state == STATE_STATIC_PARTIAL && !rc) {
|
||||
- s->info->state = STATE_STATIC;
|
||||
+ // If the static app itself launches an app right
|
||||
+ // away, go back to collecting.
|
||||
+ if (e->type & FAN_OPEN_EXEC_PERM)
|
||||
+ s->info->state = STATE_COLLECTING;
|
||||
+ else {
|
||||
+ s->info->state = STATE_STATIC;
|
||||
+ skip_path = 1;
|
||||
+ }
|
||||
evict = 0;
|
||||
skip_path = 1;
|
||||
subject_reset(s, EXE);
|
||||
@ -6,7 +6,7 @@
|
||||
Summary: Application Whitelisting Daemon
|
||||
Name: fapolicyd
|
||||
Version: 1.1
|
||||
Release: 6%{?dist}
|
||||
Release: 6%{?dist}.1
|
||||
License: GPLv3+
|
||||
URL: http://people.redhat.com/sgrubb/fapolicyd
|
||||
Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
|
||||
@ -36,6 +36,8 @@ Patch3: fapolicyd-reorder-rules.patch
|
||||
Patch4: fagenrules-group.patch
|
||||
# 2069120 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.6.0]
|
||||
Patch5: fapolicyd-1.1.1-ld_so.patch
|
||||
# 2084548 - Faulty handling of static applications [rhel-8.6.0.z]
|
||||
Patch6: fapolicyd-1.1.1-static.patch
|
||||
|
||||
%description
|
||||
Fapolicyd (File Access Policy Daemon) implements application whitelisting
|
||||
@ -67,6 +69,7 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon.
|
||||
%patch3 -p1 -b .rules
|
||||
%patch4 -p1 -b .group
|
||||
%patch5 -p1 -b .ld_so
|
||||
%patch6 -p1 -b .static
|
||||
|
||||
# generate rules for python
|
||||
sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
|
||||
@ -255,7 +258,13 @@ fi
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%changelog
|
||||
* Thu May 12 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-6.1
|
||||
RHEL 8.6.Z ERRATUM
|
||||
- Faulty handling of static applications
|
||||
Resolves: rhbz#2084548
|
||||
|
||||
* Wed Apr 06 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-6
|
||||
RHEL 8.6.0 ERRATUM
|
||||
- CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
|
||||
Resolves: rhbz#2069120
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user