RHEL 9.1.0 ERRATUM

- rebase fapolicyd to the latest stable vesion Resolves: rhbz#2100041 - fapolicyd gets way too easily killed by OOM killer Resolves: rhbz#2097385 - fapolicyd does not correctly handle SIGHUP Resolves: rhbz#2070655 - Introduce ppid rule attribute Resolves: rhbz#2102558 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-30 10:55:25 +02:00 · 2022-06-30 10:55:25 +02:00 · f9014707a8
commit f9014707a8
parent 2dc7eac9a4
2 changed files with 16 additions and 10 deletions
--- a/fapolicyd-selinux.patch
+++ b/fapolicyd-selinux.patch
@ -1,6 +1,6 @@
-diff --color -ru a/fapolicyd-selinux-0.4/fapolicyd.if b/fapolicyd-selinux-0.4/fapolicyd.if
--- a/fapolicyd-selinux-0.4/fapolicyd.if	2021-03-23 10:21:31.000000000 +0100
-+++ b/fapolicyd-selinux-0.4/fapolicyd.if	2021-12-14 13:35:17.842430123 +0100
+diff -up ./fapolicyd-selinux-0.4/fapolicyd.if.selinux ./fapolicyd-selinux-0.4/fapolicyd.if
+--- ./fapolicyd-selinux-0.4/fapolicyd.if.selinux	2021-03-23 10:21:31.000000000 +0100
+++ ./fapolicyd-selinux-0.4/fapolicyd.if	2022-06-30 10:52:05.112355159 +0200
@@ -2,6 +2,122 @@
 
 ########################################
@ -124,9 +124,9 @@ diff --color -ru a/fapolicyd-selinux-0.4/fapolicyd.if b/fapolicyd-selinux-0.4/fa
 ##	Execute fapolicyd_exec_t in the fapolicyd domain.
 ## </summary>
 ## <param name="domain">
-diff --color -ru a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fapolicyd.te
--- a/fapolicyd-selinux-0.4/fapolicyd.te	2021-03-23 10:21:31.000000000 +0100
-+++ b/fapolicyd-selinux-0.4/fapolicyd.te	2021-12-14 13:35:17.842430123 +0100
+diff -up ./fapolicyd-selinux-0.4/fapolicyd.te.selinux ./fapolicyd-selinux-0.4/fapolicyd.te
+--- ./fapolicyd-selinux-0.4/fapolicyd.te.selinux	2021-03-23 10:21:31.000000000 +0100
+++ ./fapolicyd-selinux-0.4/fapolicyd.te	2022-06-30 10:53:01.693055971 +0200
@@ -1,5 +1,6 @@
 policy_module(fapolicyd, 1.0.0)
 
@ -134,7 +134,7 @@ diff --color -ru a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fa
 ########################################
 #
 # Declarations
-@@ -36,6 +37,12 @@
+@@ -36,6 +37,12 @@ allow fapolicyd_t self:process { setcap
 allow fapolicyd_t self:unix_stream_socket create_stream_socket_perms;
 allow fapolicyd_t self:unix_dgram_socket create_socket_perms;
 
@ -147,9 +147,12 @@ diff --color -ru a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fa
 manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
 logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)
 
-@@ -63,14 +70,20 @@
+@@ -61,16 +68,22 @@ corecmd_exec_bin(fapolicyd_t)
 
- files_mmap_usr_files(fapolicyd_t)
+ domain_read_all_domains_state(fapolicyd_t)
+ 
+-files_mmap_usr_files(fapolicyd_t)
+files_mmap_all_files(fapolicyd_t)
 files_read_all_files(fapolicyd_t)
 +files_watch_mount_boot_dirs(fapolicyd_t)
 +files_watch_with_perm_boot_dirs(fapolicyd_t)
--- a/fapolicyd.spec
+++ b/fapolicyd.spec
@ -5,7 +5,7 @@
 Summary: Application Whitelisting Daemon
 Name: fapolicyd
 Version: 1.1.3
-Release: 100%{?dist}
+Release: 101%{?dist}
 License: GPLv3+
 URL: http://people.redhat.com/sgrubb/fapolicyd
 Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
@ -270,12 +270,15 @@ fi

 %changelog
 * Wed Jun 22 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-100
+RHEL 9.1.0 ERRATUM
 - rebase fapolicyd to the latest stable vesion
 Resolves: rhbz#2100041
 - fapolicyd gets way too easily killed by OOM killer
 Resolves: rhbz#2097385
 - fapolicyd does not correctly handle SIGHUP
 Resolves: rhbz#2070655
+- Introduce ppid rule attribute
+Resolves: rhbz#2102558

 * Thu Jun 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-104
 RHEL 9.1.0 ERRATUM