- dramatically improved startup time
- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
- file type identification has been improved
- trust database statistics have been added to the reports
- allows watched mount points to be specified by file system types
- ELF file detection was improved
- the rules have been rewritten to express the policy based on subject
object trust for better performance and reliability
- exceptions for dracut and ansible were added to the rules to avoid problems
under normal system use
- adds an admin defined trust database (fapolicyd.trust)
- setting boost, queue, user, and group on the daemon
command line are deprecated
Improved subject cache management, performance improvements, drop need for
fapolicyd.mounts file - daemon detects filesystems to monitor, stop collecting
documentation in the trust database, and handle long paths.
This release features:
- systemd usage updates
- file permission adjustments based on selinux policy review
- unterminated reads of auid & sessionid values was fixed
- ld_preload pattern is deprecated for now
