- Rebase fapolicyd to the latest stable version
Resolves: RHEL-430
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-621
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-624
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-623
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-622
- Default q_size doesn't match manpage's one
Resolves: RHEL-627
- fapolicyd-cli --update then mount/umount twice causes fapolicyd daemon to block (state 'D')
Resolves: RHEL-817
- Fix broken backwards compatibility backend numbers
Resolves: RHEL-730
- SELinux prevents the fapolicyd from reading symlink (cert_t)
Resolves: RHEL-816
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- Rebase fapolicyd to the latest stable version
Resolves: RHEL-430
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-621
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-624
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-623
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-622
- Default q_size doesn't match manpage's one
Resolves: TBD
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- statically linked app can execute untrusted app
Resolves: rhbz#2097077
- fapolicyd ineffective with systemd DynamicUser=yes
Resolves: rhbz#2136802
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2160517
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2160518
- fapolicyd: Introduce filtering of rpmdb
Resolves: RHEL-192
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- statically linked app can execute untrusted app
Resolves: rhbz#2097077
- fapolicyd ineffective with systemd DynamicUser=yes
Resolves: rhbz#2136802
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2160517
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2160518
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100041
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2097385
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070655
- Introduce ppid rule attribute
Resolves: rhbz#2102558
- fapolicyd often breaks package updates
Resolves: rhbz#2111244
- drop libgcrypt in favour of openssl
Resolves: rhbz#2111938
- Remove dnf plugin
Resolves: rhbz#2113959
- fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
Resolves: rhbz#2115849
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100041
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2097385
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070655
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
