Commit Graph

66 Commits

Author SHA1 Message Date
Radovan Sroka
9db0c740b0
- SPDX Migration
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-03-15 12:26:55 +01:00
Radovan Sroka
2292734883
Rebase to v1.2
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-02-10 16:16:12 +01:00
Fedora Release Engineering
23487839d7 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:02:33 +00:00
Vit Mojzis
2e8800c45d tests: Add decentralized SELinux policy test
- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing
2023-01-04 12:21:14 +00:00
Radovan Sroka
f4df635448 Rebuild for eln
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-12-02 17:52:14 +01:00
Yaakov Selkowitz
79313b5a89 Apply RHEL patches last
The implicit declarations fix broken the ELN build due to overlapping
patches.  Applying the RHEL patches last, and adjusting them as needed
for Fedora changes, is the simplest way to make both builds successful.
2022-11-28 11:48:13 -05:00
Florian Weimer
49f103321f Avoid implicit declaration of rpmFreeCrypto
Related to:

  <https://fedoraproject.org/wiki/Changes/PortingToModernC>
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2022-11-28 11:58:06 +01:00
Radovan Sroka
ada077c995 Rebase to 1.1.7
fix build problem

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:15:08 +01:00
Radovan Sroka
4878f09f92 Rebase to 1.1.7
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:11:59 +01:00
Radovan Sroka
a99b7efd3e Fix eln building
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-09-29 14:19:15 +02:00
Radovan Sroka
6228fd0a74 Rebase to 1.1.5
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-09-29 11:11:31 +02:00
Nikola Knazekova
ef414090b1 selinux: Update based on latest packaging guide
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Add dependency on selinux-policy-targeted
Exclude installed policy module file from RPM verification

Signed-off-by: Nikola Knazekova <nknazeko@redhat.com>
2022-09-26 13:02:39 +02:00
Radovan Sroka
0ede76ffa9
Fix bash completition definition in spec
Resolves: rhbz#2123065

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-31 19:14:26 +02:00
Radovan Sroka
78db532590
Add correct openssl and systemd dependencies
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-30 21:07:24 +02:00
Radovan Sroka
26e3a4e777 Rebase to 1.1.4
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-18 18:05:02 +02:00
Fedora Release Engineering
4be9ee7cf5 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 02:45:08 +00:00
Radovan Sroka
6f0c3726ad Removed dnf plugin
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:28:16 +02:00
Radovan Sroka
40537635b8 Rebase to 1.1.3
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:20:36 +02:00
Python Maint
fe8fa4b2c2 Rebuilt for Python 3.11 2022-06-15 18:15:35 +02:00
Radovan Sroka
182cc455be
Rebase to v1.1.2
- fixed CVE-2022-1117
Resolves: rhbz#2089692

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-05-25 13:41:20 +02:00
Radovan Sroka
f1912834ed
Forgot to add sources
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:12:06 +02:00
Radovan Sroka
16e5a8779e
Rebase to v1.1.1
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:01:49 +02:00
Radovan Sroka
0ce7579393 fapolicyd.rules should be ghost file 2022-02-15 15:50:27 +01:00
Radovan Sroka
f87a5c2885 Rebase to v1.1
- added rules.d support
2022-01-26 15:01:47 +01:00
Fedora Release Engineering
9889608225 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 02:38:49 +00:00
Björn Esser
5766f69e17
Rebuild(uthash)
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-12-24 10:57:27 +01:00
Radovan Sroka
34bdf6e5b0
Rebase to 1.0.4
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-12-10 18:07:27 +01:00
Radovan Sroka
2a4ad6eae7
selinux: use watch perm correctly
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-09-01 11:20:41 +02:00
Fedora Release Engineering
3baac102cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 22:37:18 +00:00
Python Maint
123942e6d7 Rebuilt for Python 3.10 2021-06-04 20:04:01 +02:00
Radovan Sroka
fbd51d98e9
Enable tmt tests
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-14 17:33:35 +02:00
Radovan Sroka
907e9a087e
Rebase to 1.0.3
- sync fedora spec with rhel

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-01 22:48:40 +02:00
Zbigniew Jędrzejewski-Szmek
ed495d07ce Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:13:51 +01:00
Fedora Release Engineering
45492d59f0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 05:12:33 +00:00
Radovan Sroka
3cdc28b4cb
Rebase to 1.0.2
- enabled make check
- dnf-plugin is now required subpackage
2021-01-06 17:51:52 +01:00
Radovan Sroka
e97bf03c73
Rebase to 1.0.1
- introduced uthash dependency
- SELinux prevents the fapolicyd process from writing to /run/dbus/system_bus_socket
  Resolves: rhbz#1874491
- SELinux prevents the fapolicyd process from writing to /var/lib/rpm directory
  Resolves: rhbz#1876538
2020-11-17 09:45:08 +01:00
Fedora Release Engineering
c96e437e89 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 17:09:18 +00:00
Radovan Sroka
dbbcd10a89
New update of fapolicyd
- backported few cosmetic small patches from upstream master
- rebase selinux tarbal to v0.3
- file context pattern for /run/fapolicyd.pid is missing
  Resolves: rhbz#1834674

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2020-06-24 17:18:23 +02:00
Miro Hrončok
6753203a0c Rebuilt for Python 3.9 2020-05-26 02:45:14 +02:00
Radovan Sroka
5edde88663 Rebase fapolicyd to 1.0.0
- release now has 3 integrity modes: file size, IMA, and sha256 based
- it can now send event information to syslog
- the syslog event information is tailorable to how you'd like to see it
- there is now the ability to create sets of words that can be matched
  against in the rules engine
- there are now 2 policies shipped: known-libs and restrictive
- fapolicyd-cli can now dump the trust db for inspection
- the integrity system needs sha256 hashes,
  it will print a warning for files in rpms that do not have them
2020-05-25 15:20:08 +02:00
Radovan Sroka
9f13f29104 Rebase fapolicyd to 0.9.4
- polished the pattern detection engine
- rpm backend now drops most of the files in /usr/share/ to dramatically reduce
  memory consumption and improve startup speed
- the commandline utility can now delete the lmdb trust database and manage
    the file trust source
2020-03-23 18:57:05 +01:00
Radovan Sroka
4ffeb28e23 Rebase fapolicyd to 0.9.3
- dramatically improved startup time
- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
- file type identification has been improved
- trust database statistics have been added to the reports
2020-02-24 14:20:46 +01:00
Radovan Sroka
6e714e474b SELinux fix
- Label all fifo_file as fapolicyd_var_run_t in /var/run.
- Allow fapolicyd_t domain to create fifo files labeled as
  fapolicyd_var_run_t
2020-02-04 09:45:21 +01:00
Radovan Sroka
193b9f0cdf Rebase to fapolicyd 0.9.2
- allows watched mount points to be specified by file system types
- ELF file detection was improved
- the rules have been rewritten to express the policy based on subject
  object trust for better performance and reliability
- exceptions for dracut and ansible were added to the rules to avoid problems
  under normal system use
- adds an admin defined trust database (fapolicyd.trust)
- setting boost, queue, user, and group on the daemon
  command line are deprecated
2020-02-03 12:35:43 +01:00
Fedora Release Engineering
ee02cf10a9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 18:06:28 +00:00
Marek Tamaskovic
e46e1e19b2 Update fapolicyd-selinux subpackage to version v0.2 2019-11-05 15:01:27 +01:00
Radovan Sroka
73b7231dfc Added fapolicyd-selinux subpackage 2019-10-07 14:46:26 +02:00
Radovan Sroka
32c7f28dc8 New upstream release
Improved subject cache management, performance improvements, drop need for
fapolicyd.mounts file - daemon detects filesystems to monitor, stop collecting
documentation in the trust database, and handle long paths.
2019-10-07 13:40:06 +02:00
Miro Hrončok
70553de897 Rebuilt for Python 3.8.0rc1 (#1748018) 2019-10-03 13:53:07 +02:00
Radovan Sroka
157f8de90e Rebase to 0.8.10 2019-08-30 13:05:25 +02:00