Commit Graph

53 Commits

Author SHA1 Message Date
Nikola Knazekova
ef414090b1 selinux: Update based on latest packaging guide
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
Add dependency on selinux-policy-targeted
Exclude installed policy module file from RPM verification

Signed-off-by: Nikola Knazekova <nknazeko@redhat.com>
2022-09-26 13:02:39 +02:00
Radovan Sroka
0ede76ffa9
Fix bash completition definition in spec
Resolves: rhbz#2123065

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-31 19:14:26 +02:00
Radovan Sroka
78db532590
Add correct openssl and systemd dependencies
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-30 21:07:24 +02:00
Radovan Sroka
26e3a4e777 Rebase to 1.1.4
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-08-18 18:05:02 +02:00
Fedora Release Engineering
4be9ee7cf5 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 02:45:08 +00:00
Radovan Sroka
6f0c3726ad Removed dnf plugin
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:28:16 +02:00
Radovan Sroka
40537635b8 Rebase to 1.1.3
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-06-22 10:20:36 +02:00
Python Maint
fe8fa4b2c2 Rebuilt for Python 3.11 2022-06-15 18:15:35 +02:00
Radovan Sroka
182cc455be
Rebase to v1.1.2
- fixed CVE-2022-1117
Resolves: rhbz#2089692

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-05-25 13:41:20 +02:00
Radovan Sroka
f1912834ed
Forgot to add sources
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:12:06 +02:00
Radovan Sroka
16e5a8779e
Rebase to v1.1.1
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-03-30 14:01:49 +02:00
Radovan Sroka
0ce7579393 fapolicyd.rules should be ghost file 2022-02-15 15:50:27 +01:00
Radovan Sroka
f87a5c2885 Rebase to v1.1
- added rules.d support
2022-01-26 15:01:47 +01:00
Fedora Release Engineering
9889608225 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 02:38:49 +00:00
Björn Esser
5766f69e17
Rebuild(uthash)
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-12-24 10:57:27 +01:00
Radovan Sroka
34bdf6e5b0
Rebase to 1.0.4
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-12-10 18:07:27 +01:00
Radovan Sroka
2a4ad6eae7
selinux: use watch perm correctly
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-09-01 11:20:41 +02:00
Fedora Release Engineering
3baac102cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 22:37:18 +00:00
Python Maint
123942e6d7 Rebuilt for Python 3.10 2021-06-04 20:04:01 +02:00
Radovan Sroka
907e9a087e
Rebase to 1.0.3
- sync fedora spec with rhel

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-01 22:48:40 +02:00
Zbigniew Jędrzejewski-Szmek
ed495d07ce Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:13:51 +01:00
Fedora Release Engineering
45492d59f0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 05:12:33 +00:00
Radovan Sroka
3cdc28b4cb
Rebase to 1.0.2
- enabled make check
- dnf-plugin is now required subpackage
2021-01-06 17:51:52 +01:00
Radovan Sroka
e97bf03c73
Rebase to 1.0.1
- introduced uthash dependency
- SELinux prevents the fapolicyd process from writing to /run/dbus/system_bus_socket
  Resolves: rhbz#1874491
- SELinux prevents the fapolicyd process from writing to /var/lib/rpm directory
  Resolves: rhbz#1876538
2020-11-17 09:45:08 +01:00
Fedora Release Engineering
c96e437e89 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 17:09:18 +00:00
Radovan Sroka
dbbcd10a89
New update of fapolicyd
- backported few cosmetic small patches from upstream master
- rebase selinux tarbal to v0.3
- file context pattern for /run/fapolicyd.pid is missing
  Resolves: rhbz#1834674

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2020-06-24 17:18:23 +02:00
Miro Hrončok
6753203a0c Rebuilt for Python 3.9 2020-05-26 02:45:14 +02:00
Radovan Sroka
5edde88663 Rebase fapolicyd to 1.0.0
- release now has 3 integrity modes: file size, IMA, and sha256 based
- it can now send event information to syslog
- the syslog event information is tailorable to how you'd like to see it
- there is now the ability to create sets of words that can be matched
  against in the rules engine
- there are now 2 policies shipped: known-libs and restrictive
- fapolicyd-cli can now dump the trust db for inspection
- the integrity system needs sha256 hashes,
  it will print a warning for files in rpms that do not have them
2020-05-25 15:20:08 +02:00
Radovan Sroka
9f13f29104 Rebase fapolicyd to 0.9.4
- polished the pattern detection engine
- rpm backend now drops most of the files in /usr/share/ to dramatically reduce
  memory consumption and improve startup speed
- the commandline utility can now delete the lmdb trust database and manage
    the file trust source
2020-03-23 18:57:05 +01:00
Radovan Sroka
4ffeb28e23 Rebase fapolicyd to 0.9.3
- dramatically improved startup time
- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
- file type identification has been improved
- trust database statistics have been added to the reports
2020-02-24 14:20:46 +01:00
Radovan Sroka
6e714e474b SELinux fix
- Label all fifo_file as fapolicyd_var_run_t in /var/run.
- Allow fapolicyd_t domain to create fifo files labeled as
  fapolicyd_var_run_t
2020-02-04 09:45:21 +01:00
Radovan Sroka
193b9f0cdf Rebase to fapolicyd 0.9.2
- allows watched mount points to be specified by file system types
- ELF file detection was improved
- the rules have been rewritten to express the policy based on subject
  object trust for better performance and reliability
- exceptions for dracut and ansible were added to the rules to avoid problems
  under normal system use
- adds an admin defined trust database (fapolicyd.trust)
- setting boost, queue, user, and group on the daemon
  command line are deprecated
2020-02-03 12:35:43 +01:00
Fedora Release Engineering
ee02cf10a9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 18:06:28 +00:00
Marek Tamaskovic
e46e1e19b2 Update fapolicyd-selinux subpackage to version v0.2 2019-11-05 15:01:27 +01:00
Radovan Sroka
73b7231dfc Added fapolicyd-selinux subpackage 2019-10-07 14:46:26 +02:00
Radovan Sroka
32c7f28dc8 New upstream release
Improved subject cache management, performance improvements, drop need for
fapolicyd.mounts file - daemon detects filesystems to monitor, stop collecting
documentation in the trust database, and handle long paths.
2019-10-07 13:40:06 +02:00
Miro Hrončok
70553de897 Rebuilt for Python 3.8.0rc1 (#1748018) 2019-10-03 13:53:07 +02:00
Radovan Sroka
157f8de90e Rebase to 0.8.10 2019-08-30 13:05:25 +02:00
Miro Hrončok
e99464298e Rebuilt for Python 3.8 2019-08-19 10:13:42 +02:00
Fedora Release Engineering
d6b316ed06 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 00:11:34 +00:00
Igor Gnatenko
6a36166442
Rebuild for RPM 4.15
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-06-11 00:13:18 +02:00
Igor Gnatenko
43e3df26b3
Rebuild for RPM 4.15
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-06-10 17:42:01 +02:00
Radovan Sroka
c8075c471d New upstream release
This release features:
- systemd usage updates
- file permission adjustments based on selinux policy review
- unterminated reads of auid & sessionid values was fixed
- ld_preload pattern is deprecated for now
2019-05-06 12:27:39 +02:00
Radovan Sroka
917c00eccc Backport some patches to resolve dac_override for fapolicyd 2019-03-14 00:11:45 +01:00
Radovan Sroka
f575ae0ed6 New upstream release
- Added new DNF plugin that can update the trust database when rpms are installed
- Added support for FAN_OPEN_EXEC_PERM
2019-03-11 12:23:07 +01:00
Fedora Release Engineering
eeb3038e98 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 19:20:00 +00:00
Steve Grubb
c2c99a33af New upstream bugfix release 2018-10-03 18:24:56 -04:00
Fedora Release Engineering
e3e9cb7389 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 00:19:30 +00:00
Igor Gnatenko
a975d12bce add BuildRequires: gcc
Reference: https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
2018-07-09 19:06:44 +02:00
Steve Grubb
cb2278bf4e fix bogus date 2018-06-07 09:23:30 -04:00