Commit Graph

112 Commits

Author SHA1 Message Date
Petr Lautrbach
0b30eca8df rebuild
Resolves: RHEL-166376
2026-04-13 12:07:46 +02:00
Petr Lautrbach
bda317eaca Drop unused patches
Related: RHEL-166376
2026-04-13 11:32:48 +02:00
Petr Lautrbach
ac887d8694 fapolicyd-1.4.5
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.5

Resolves: RHEL-166159
2026-04-10 10:20:33 +02:00
Petr Lautrbach
9a2e2d000d fapolicyd-1.4.3-3
- Fix 32-bit ELF dynamic section parsing
Resolves: RHEL-147453
2026-02-06 17:59:52 +01:00
Petr Lautrbach
11889fd100 fapolicyd-1.4.3-2
- Fix binary path of rpm-loader
- Map file with MAP_SHARED instead of MAP_PRIVATE
- Fix segfault when interrupting fapolicyd startup

Resolves: RHEL-142948
2026-01-27 08:46:34 +01:00
Petr Lautrbach
1d034e244e Fix mime type for #!/usr/bin/sh
Related: RHEL-131723
2026-01-20 08:58:15 +01:00
Petr Lautrbach
fec16cd955 Own /usr/share/selinux/devel
If an SELinux module provides an interface file, -selinux sub-packages
should ship it and own it as %{_datadir}/selinux/devel/include/distributed/%{modulename}.if

But there's no package which owns %{_datadir}/selinux/devel/include/distributed/ -
https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/

%{_datadir}/selinux/devel is owned by selinux-policy-devel but this is
not the right dependency for a -selinux subpackage

Resolves: RHEL-141846
2026-01-16 09:47:12 +01:00
Petr Lautrbach
7770be8377 fapolicyd-1.4.3
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.3
https://github.com/linux-application-whitelisting/fapolicyd-selinux/releases/tag/v1.1

Resolves: RHEL-131723
Resolves: RHEL-132455
Resolves: RHEL-30443
2026-01-13 14:05:22 +01:00
Petr Lautrbach
1de364701d fapolicyd-1.4.2
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.2

Resolves: RHEL-94786
2025-11-27 11:16:12 +01:00
Petr Lautrbach
4f49bd0868 fapolicyd-1.4.1-2
- Install SELinux policy hardening module
Resolves: RHEL-1368
2025-11-07 17:39:40 +01:00
Petr Lautrbach
ea744010c8 Install SELinux policy hardening module
fapolicyd-hardening module prevents usage of sigstop, sigkill and ptrace

Resolves: RHEL-1368
2025-11-07 17:39:40 +01:00
Petr Lautrbach
63ac76bd62 Improve -selinux packaging to follow the guidelines
https://fedoraproject.org/wiki/SELinux/IndependentPolicy

Related: RHEL-1368
2025-11-07 11:05:33 +01:00
Petr Lautrbach
e59366c622 fapolicyd-1.4.1
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.1

Resolves: RHEL-118362
Resolves: RHEL-120827
2025-11-02 10:27:50 +01:00
Petr Lautrbach
ccd6aa0436 fapolicyd-1.4
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4

Resolves: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
e1b6717d24 It's not necessary to load new rules
They'll be loaded during %postun phase when fapolicyd is restarted

Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
d6ecea1042 Generate default rules set based on README-rules
Goal: shorter spec without hardcoded paths

Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
2ba8171ee5 Improve readability of sed commands
Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
82a58056ac fapolicyd-1.3.7-1
Resolves: RHEL-118362
Resolves: RHEL-120827
2025-10-17 20:27:44 +02:00
Milos Malik
9c2f099450 run CI tests from the new repo instead of the old one
The new fapolicyd tests repository is located on the following URL:
 * https://github.com/linux-application-whitelisting/fapolicyd-tests

The CI plan should select and run tests from the new repository.
2025-10-15 11:14:08 +02:00
Petr Lautrbach
d08d2c8d89 fapolicyd-1.3.3-107
- Fix owner:group of /etc/fapolicyd on boot
Resolves: RHEL-104873
2025-08-20 09:46:35 +02:00
Petr Lautrbach
09536152e5 Change /usr/share/fapolicyd to root:root
fapolicyd group does not have write access anyway.

Fixes problem with dynamic user in image mode where it's not possible to
use tmpfiles.d as the filesystem is readonly

Resolves: RHEL-104873
2025-08-20 09:37:26 +02:00
Petr Lautrbach
e1bfe7b101 Fix owner:group of /etc/fapolicyd on boot
On image based systems, fapolicyd user and group could have a different
uid used during container build and in booted container

Resolves: RHEL-104873
2025-08-20 09:35:52 +02:00
Petr Lautrbach
562d9eed5f fapolicyd-1.3.3-106
- Add /var/lib/fapolicyd to tmpfiles
Resolves: RHEL-104873
- Allow fapolicyd to connect to systemd-machined
Resolves: RHEL-77071
2025-08-18 08:47:35 +02:00
Petr Lautrbach
ac30c65223 Allow fapolicyd to connect to systemd-machined
Resolves: RHEL-77071
2025-08-18 07:42:23 +02:00
Petr Lautrbach
70b0c24724 Add /var/lib/fapolicyd to tmpfiles
On image based system, /var/lib/fapolicyd is not created during rpm
installation but needs to be created during boot using tmpfiles.d

Fixes:
    fapolicyd[1463]: Failed writing db version No such file or directory

Resolves: RHEL-104873
2025-08-18 07:20:44 +02:00
Petr Lautrbach
ce823087c8 install fapolicyd sysusers.d configuration
See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/

Fixes creating user and groups on image mode system

Resolves: RHEL-104873
2025-08-18 07:17:04 +02:00
Radovan Sroka
1165ecc896 RHEL 10.1 ERRATUM
- add selinux patch for bin/sbin equivalence

- "fapolicyd-cli --file add" crashes when processing sockets
Resolves: RHEL-105425

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-07-29 11:42:07 +02:00
Radovan Sroka
99663924fa RHEL 10.1 ERRATUM
- RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
Resolves: RHEL-94540

- fixed failures in CI

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-07-24 10:19:31 +02:00
Radovan Sroka
60a6dd7b73 RHEL 10.1 ERRATUM
- RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
Resolves: RHEL-94540
- File /run/fapolicyd differs from RPM expectations
Resolves: RHEL-94536
- fapolicyd.service badly instructs how to start after nss-user-lookup.target
Resolves: RHEL-94538
- fapolicy rule containing 'pattern=normal' produces error
Resolves: RHEL-94537

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-05-30 14:49:00 +02:00
Troy Dawson
62a57978ad Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:23:22 -07:00
Super User
770310f479 Remove test dir, using .fmf plan
2024-07-10 15:36:33 +02:00
Troy Dawson
8300d9ece6 Bump release for June 2024 mass rebuild
2024-06-24 08:41:47 -07:00
koncpa
aeda2278c4 Update name of passing set of tests in gating
2024-05-22 12:07:33 +02:00
koncpa
6d57786560 Add gating.yaml to require test as part of gating
2024-05-20 15:50:43 +02:00
Radovan Sroka
f795d5fc20 RHEL 10.0.0 ERRATUM
- rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
Resolves: RHEL-36287

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2024-05-17 13:12:15 +02:00
koncpa
caa5d4153c Remove wrongly added plan and add new ci plans
Resolves: RHEL-36744

Signed-off-by: Patrik Koncity <pkoncity@redhat.com>
2024-05-17 12:28:48 +02:00
Radovan Sroka
c5a1b34c64 RHEL 10.0.0 ERRATUM
- rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
Resolves: RHEL-36287

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2024-05-14 13:26:54 +02:00
Fedora Release Engineering
d226921cd2 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-24 11:11:09 +00:00
Fedora Release Engineering
10acac14a1 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 18:52:08 +00:00
Patrik Koncity
93473de397 Change url with location of fapolicyd tests
2023-11-23 14:20:48 +01:00
Fedora Release Engineering
17b27aa7b1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 19:16:08 +00:00
Radovan Sroka
cc47ad2109 Rebase to v1.3.2
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-07-10 10:32:14 +02:00
Radovan Sroka
32d8ed48cf Update changelog and rebuild
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:35:43 +02:00
Radovan Sroka
419c239eb4 Rebase to fapolicyd v1.3.1 and selinux v0.6
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:30:07 +02:00
Radovan Sroka
8642d5655d - migrated to SPDX license
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-13 11:37:17 +02:00
Petr Písař
641efeefbb Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
2023-05-19 14:57:42 +02:00
Radovan Sroka
9db0c740b0 - SPDX Migration
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-03-15 12:26:55 +01:00
Radovan Sroka
2292734883 Rebase to v1.2
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-02-10 16:16:12 +01:00
Fedora Release Engineering
23487839d7 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:02:33 +00:00
Vit Mojzis
2e8800c45d tests: Add decentralized SELinux policy test
- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing
2023-01-04 12:21:14 +00:00