Radovan Sroka
32d8ed48cf
Update changelog and rebuild
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:35:43 +02:00
Radovan Sroka
419c239eb4
Rebase to fapolicyd v1.3.1 and selinux v0.6
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:30:07 +02:00
Radovan Sroka
8642d5655d
- migrated to SPDX license
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-13 11:37:17 +02:00
Petr Písař
641efeefbb
Rebuild against rpm-4.19 ( https://fedoraproject.org/wiki/Changes/RPM-4.19 )
2023-05-19 14:57:42 +02:00
Radovan Sroka
9db0c740b0
- SPDX Migration
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-03-15 12:26:55 +01:00
Radovan Sroka
2292734883
Rebase to v1.2
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-02-10 16:16:12 +01:00
Fedora Release Engineering
23487839d7
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:02:33 +00:00
Vit Mojzis
2e8800c45d
tests: Add decentralized SELinux policy test
...
- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint
For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing
2023-01-04 12:21:14 +00:00
Radovan Sroka
f4df635448
Rebuild for eln
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-12-02 17:52:14 +01:00
Yaakov Selkowitz
79313b5a89
Apply RHEL patches last
...
The implicit declarations fix broken the ELN build due to overlapping
patches. Applying the RHEL patches last, and adjusting them as needed
for Fedora changes, is the simplest way to make both builds successful.
2022-11-28 11:48:13 -05:00
Florian Weimer
49f103321f
Avoid implicit declaration of rpmFreeCrypto
...
Related to:
<https://fedoraproject.org/wiki/Changes/PortingToModernC >
<https://fedoraproject.org/wiki/Toolchain/PortingToModernC >
2022-11-28 11:58:06 +01:00
Radovan Sroka
ada077c995
Rebase to 1.1.7
...
fix build problem
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:15:08 +01:00
Radovan Sroka
4878f09f92
Rebase to 1.1.7
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:11:59 +01:00
Radovan Sroka
a99b7efd3e
Fix eln building
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-09-29 14:19:15 +02:00
Radovan Sroka
6228fd0a74
Rebase to 1.1.5
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-09-29 11:11:31 +02:00
Nikola Knazekova
ef414090b1
selinux: Update based on latest packaging guide
...
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Add dependency on selinux-policy-targeted
Exclude installed policy module file from RPM verification
Signed-off-by: Nikola Knazekova <nknazeko@redhat.com>
2022-09-26 13:02:39 +02:00
Radovan Sroka
0ede76ffa9
Fix bash completition definition in spec
...
Resolves: rhbz#2123065
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-31 19:14:26 +02:00
Radovan Sroka
78db532590
Add correct openssl and systemd dependencies
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-30 21:07:24 +02:00
Radovan Sroka
26e3a4e777
Rebase to 1.1.4
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-18 18:05:02 +02:00
Fedora Release Engineering
4be9ee7cf5
Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 02:45:08 +00:00
Radovan Sroka
6f0c3726ad
Removed dnf plugin
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:28:16 +02:00
Radovan Sroka
40537635b8
Rebase to 1.1.3
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:20:36 +02:00
Python Maint
fe8fa4b2c2
Rebuilt for Python 3.11
2022-06-15 18:15:35 +02:00
Radovan Sroka
182cc455be
Rebase to v1.1.2
...
- fixed CVE-2022-1117
Resolves: rhbz#2089692
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-05-25 13:41:20 +02:00
Radovan Sroka
f1912834ed
Forgot to add sources
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:12:06 +02:00
Radovan Sroka
16e5a8779e
Rebase to v1.1.1
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:01:49 +02:00
Radovan Sroka
0ce7579393
fapolicyd.rules should be ghost file
2022-02-15 15:50:27 +01:00
Radovan Sroka
f87a5c2885
Rebase to v1.1
...
- added rules.d support
2022-01-26 15:01:47 +01:00
Fedora Release Engineering
9889608225
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 02:38:49 +00:00
Björn Esser
5766f69e17
Rebuild(uthash)
...
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-12-24 10:57:27 +01:00
Radovan Sroka
34bdf6e5b0
Rebase to 1.0.4
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-12-10 18:07:27 +01:00
Radovan Sroka
2a4ad6eae7
selinux: use watch perm correctly
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-09-01 11:20:41 +02:00
Fedora Release Engineering
3baac102cf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 22:37:18 +00:00
Python Maint
123942e6d7
Rebuilt for Python 3.10
2021-06-04 20:04:01 +02:00
Radovan Sroka
fbd51d98e9
Enable tmt tests
...
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-14 17:33:35 +02:00
Radovan Sroka
907e9a087e
Rebase to 1.0.3
...
- sync fedora spec with rhel
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-01 22:48:40 +02:00
Zbigniew Jędrzejewski-Szmek
ed495d07ce
Rebuilt for updated systemd-rpm-macros
...
See https://pagure.io/fesco/issue/2583 .
2021-03-02 16:13:51 +01:00
Fedora Release Engineering
45492d59f0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 05:12:33 +00:00
Radovan Sroka
3cdc28b4cb
Rebase to 1.0.2
...
- enabled make check
- dnf-plugin is now required subpackage
2021-01-06 17:51:52 +01:00
Radovan Sroka
e97bf03c73
Rebase to 1.0.1
...
- introduced uthash dependency
- SELinux prevents the fapolicyd process from writing to /run/dbus/system_bus_socket
Resolves: rhbz#1874491
- SELinux prevents the fapolicyd process from writing to /var/lib/rpm directory
Resolves: rhbz#1876538
2020-11-17 09:45:08 +01:00
Fedora Release Engineering
c96e437e89
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 17:09:18 +00:00
Radovan Sroka
dbbcd10a89
New update of fapolicyd
...
- backported few cosmetic small patches from upstream master
- rebase selinux tarbal to v0.3
- file context pattern for /run/fapolicyd.pid is missing
Resolves: rhbz#1834674
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2020-06-24 17:18:23 +02:00
Miro Hrončok
6753203a0c
Rebuilt for Python 3.9
2020-05-26 02:45:14 +02:00
Radovan Sroka
5edde88663
Rebase fapolicyd to 1.0.0
...
- release now has 3 integrity modes: file size, IMA, and sha256 based
- it can now send event information to syslog
- the syslog event information is tailorable to how you'd like to see it
- there is now the ability to create sets of words that can be matched
against in the rules engine
- there are now 2 policies shipped: known-libs and restrictive
- fapolicyd-cli can now dump the trust db for inspection
- the integrity system needs sha256 hashes,
it will print a warning for files in rpms that do not have them
2020-05-25 15:20:08 +02:00
Radovan Sroka
9f13f29104
Rebase fapolicyd to 0.9.4
...
- polished the pattern detection engine
- rpm backend now drops most of the files in /usr/share/ to dramatically reduce
memory consumption and improve startup speed
- the commandline utility can now delete the lmdb trust database and manage
the file trust source
2020-03-23 18:57:05 +01:00
Radovan Sroka
4ffeb28e23
Rebase fapolicyd to 0.9.3
...
- dramatically improved startup time
- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
- file type identification has been improved
- trust database statistics have been added to the reports
2020-02-24 14:20:46 +01:00
Radovan Sroka
6e714e474b
SELinux fix
...
- Label all fifo_file as fapolicyd_var_run_t in /var/run.
- Allow fapolicyd_t domain to create fifo files labeled as
fapolicyd_var_run_t
2020-02-04 09:45:21 +01:00
Radovan Sroka
193b9f0cdf
Rebase to fapolicyd 0.9.2
...
- allows watched mount points to be specified by file system types
- ELF file detection was improved
- the rules have been rewritten to express the policy based on subject
object trust for better performance and reliability
- exceptions for dracut and ansible were added to the rules to avoid problems
under normal system use
- adds an admin defined trust database (fapolicyd.trust)
- setting boost, queue, user, and group on the daemon
command line are deprecated
2020-02-03 12:35:43 +01:00
Fedora Release Engineering
ee02cf10a9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 18:06:28 +00:00
Marek Tamaskovic
e46e1e19b2
Update fapolicyd-selinux subpackage to version v0.2
2019-11-05 15:01:27 +01:00