If an SELinux module provides interface file, -selinux sub-packages
should ship it and own it as %{_datadir}/selinux/devel/include/distributed/%{modulename}.if
But there's no package which owns %{_datadir}/selinux/devel/include/distributed/ -
https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/
%{_datadir}/selinux/devel is owned by selinux-policy-devel but this is
not a right dependency for -selinux subpackage
Resolves: RHEL-141842
fapolicyd group does not have write access anyway.
Fixes problem with dynamic user in image mode where it's not possible to
use tmpfiles.d as the filesystem is readonly
Resolves: RHEL-104873
On image based system, /var/lib/fapolicyd is not created during rpm
installation but needs to be created during boot using tmpfiles.d
Fixes:
fapolicyd[1463]: Failed writing db version No such file or directory
Resolves: RHEL-109682
- RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
Resolves: RHEL-63090
- fixed failures in CI
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- Rebase fapolicyd to the latest stable version
Resolves: RHEL-430
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-621
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-624
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-623
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-622
- Default q_size doesn't match manpage's one
Resolves: RHEL-627
- fapolicyd-cli --update then mount/umount twice causes fapolicyd daemon to block (state 'D')
Resolves: RHEL-817
- Fix broken backwards compatibility backend numbers
Resolves: RHEL-730
- SELinux prevents the fapolicyd from reading symlink (cert_t)
Resolves: RHEL-816
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- Rebase fapolicyd to the latest stable version
Resolves: RHEL-430
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-621
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-624
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-623
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-622
- Default q_size doesn't match manpage's one
Resolves: TBD
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- statically linked app can execute untrusted app
Resolves: rhbz#2097077
- fapolicyd ineffective with systemd DynamicUser=yes
Resolves: rhbz#2136802
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2160517
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2160518
- fapolicyd: Introduce filtering of rpmdb
Resolves: RHEL-192
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- statically linked app can execute untrusted app
Resolves: rhbz#2097077
- fapolicyd ineffective with systemd DynamicUser=yes
Resolves: rhbz#2136802
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2160517
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2160518
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100041
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2097385
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070655
- Introduce ppid rule attribute
Resolves: rhbz#2102558
- fapolicyd often breaks package updates
Resolves: rhbz#2111244
- drop libgcrypt in favour of openssl
Resolves: rhbz#2111938
- Remove dnf plugin
Resolves: rhbz#2113959
- fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
Resolves: rhbz#2115849
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100041
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2097385
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070655
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
