106 Commits

Author SHA1 Message Date
Petr Lautrbach
fec16cd955 Own /usr/share/selinux/devel
If an SELinux module provides an interface file, -selinux sub-packages
should ship it and own it as %{_datadir}/selinux/devel/include/distributed/%{modulename}.if

But there's no package which owns %{_datadir}/selinux/devel/include/distributed/ -
https://docs.fedoraproject.org/en-US/packaging-guidelines/UnownedDirectories/

%{_datadir}/selinux/devel is owned by selinux-policy-devel but this is
not the right dependency for the -selinux subpackage

Resolves: RHEL-141846
2026-01-16 09:47:12 +01:00
Petr Lautrbach
7770be8377 fapolicyd-1.4.3
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.3
https://github.com/linux-application-whitelisting/fapolicyd-selinux/releases/tag/v1.1

Resolves: RHEL-131723
Resolves: RHEL-132455
Resolves: RHEL-30443
2026-01-13 14:05:22 +01:00
Petr Lautrbach
1de364701d fapolicyd-1.4.2
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.2

Resolves: RHEL-94786
2025-11-27 11:16:12 +01:00
Petr Lautrbach
4f49bd0868 fapolicyd-1.4.1-2
- Install SELinux policy hardening module
Resolves: RHEL-1368
2025-11-07 17:39:40 +01:00
Petr Lautrbach
ea744010c8 Install SELinux policy hardening module
fapolicyd-hardening module prevents usage of sigstop, sigkill and ptrace

Resolves: RHEL-1368
2025-11-07 17:39:40 +01:00
Petr Lautrbach
63ac76bd62 Improve -selinux packaging to follow the guidelines
https://fedoraproject.org/wiki/SELinux/IndependentPolicy

Related: RHEL-1368
2025-11-07 11:05:33 +01:00
Petr Lautrbach
e59366c622 fapolicyd-1.4.1
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.1

Resolves: RHEL-118362
Resolves: RHEL-120827
2025-11-02 10:27:50 +01:00
Petr Lautrbach
ccd6aa0436 fapolicyd-1.4
https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4

Resolves: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
e1b6717d24 It's not necessary to load new rules
They'll be loaded during %postun phase when fapolicyd is restarted

Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
d6ecea1042 Generate default rules set based on README-rules
Goal: shorter spec without hardcoded paths

Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
2ba8171ee5 Improve readability of sed commands
Related: RHEL-118362
2025-11-02 10:27:50 +01:00
Petr Lautrbach
82a58056ac fapolicyd-1.3.7-1
Resolves: RHEL-118362
Resolves: RHEL-120827
2025-10-17 20:27:44 +02:00
Milos Malik
9c2f099450 run CI tests from the new repo instead of the old one
The new fapolicyd tests repository is located on the following URL:
 * https://github.com/linux-application-whitelisting/fapolicyd-tests

The CI plan should select and run tests from the new repository.
2025-10-15 11:14:08 +02:00
Petr Lautrbach
d08d2c8d89 fapolicyd-1.3.3-107
- Fix owner:group of /etc/fapolicyd on boot
Resolves: RHEL-104873
2025-08-20 09:46:35 +02:00
Petr Lautrbach
09536152e5 Change /usr/share/fapolicyd to root:root
fapolicyd group does not have write access anyway.

Fixes problem with dynamic user in image mode where it's not possible to
use tmpfiles.d as the filesystem is readonly

Resolves: RHEL-104873
2025-08-20 09:37:26 +02:00
Petr Lautrbach
e1bfe7b101 Fix owner:group of /etc/fapolicyd on boot
On image based systems, fapolicyd user and group could have a different
uid used during container build and in booted container

Resolves: RHEL-104873
2025-08-20 09:35:52 +02:00
Petr Lautrbach
562d9eed5f fapolicyd-1.3.3-106
- Add /var/lib/fapolicyd to tmpfiles
Resolves: RHEL-104873
- Allow fapolicyd to connect to systemd-machined
Resolves: RHEL-77071
2025-08-18 08:47:35 +02:00
Petr Lautrbach
ac30c65223 Allow fapolicyd to connect to systemd-machined
Resolves: RHEL-77071
2025-08-18 07:42:23 +02:00
Petr Lautrbach
70b0c24724 Add /var/lib/fapolicyd to tmpfiles
On an image based system, /var/lib/fapolicyd is not created during rpm
installation but needs to be created during boot using tmpfiles.d

Fixes:
    fapolicyd[1463]: Failed writing db version No such file or directory

Resolves: RHEL-104873
2025-08-18 07:20:44 +02:00
Petr Lautrbach
ce823087c8 install fapolicyd sysusers.d configuration
See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/

Fixes creating user and groups on image mode system

Resolves: RHEL-104873
2025-08-18 07:17:04 +02:00
Radovan Sroka
1165ecc896 RHEL 10.1 ERRATUM
- add selinux patch for bin/sbin equivalence

- "fapolicyd-cli --file add" crashes when processing sockets
Resolves: RHEL-105425

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-07-29 11:42:07 +02:00
Radovan Sroka
99663924fa RHEL 10.1 ERRATUM
- RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
Resolves: RHEL-94540

- fixed failures in CI

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-07-24 10:19:31 +02:00
Radovan Sroka
60a6dd7b73 RHEL 10.1 ERRATUM
- RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
Resolves: RHEL-94540
- File /run/fapolicyd differs from RPM expectations
Resolves: RHEL-94536
- fapolicyd.service badly instructs how to start after nss-user-lookup.target
Resolves: RHEL-94538
- fapolicy rule containing 'pattern=normal' produces error
Resolves: RHEL-94537

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2025-05-30 14:49:00 +02:00
Troy Dawson
62a57978ad Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:23:22 -07:00
Super User
770310f479 Remove test dir, using .fmf plan
2024-07-10 15:36:33 +02:00
Troy Dawson
8300d9ece6 Bump release for June 2024 mass rebuild
2024-06-24 08:41:47 -07:00
koncpa
aeda2278c4 Update name of passing set of tests in gating
2024-05-22 12:07:33 +02:00
koncpa
6d57786560 Add gating.yaml to require test as part of gating
2024-05-20 15:50:43 +02:00
Radovan Sroka
f795d5fc20 RHEL 10.0.0 ERRATUM
- rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
Resolves: RHEL-36287

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2024-05-17 13:12:15 +02:00
koncpa
caa5d4153c Remove wrongly added plan and add new ci plans
Resolves: RHEL-36744

Signed-off-by: Patrik Koncity <pkoncity@redhat.com>
2024-05-17 12:28:48 +02:00
Radovan Sroka
c5a1b34c64 RHEL 10.0.0 ERRATUM
- rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
Resolves: RHEL-36287

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2024-05-14 13:26:54 +02:00
Fedora Release Engineering
d226921cd2 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-24 11:11:09 +00:00
Fedora Release Engineering
10acac14a1 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 18:52:08 +00:00
Patrik Koncity
93473de397 Change url with location of fapolicyd tests
2023-11-23 14:20:48 +01:00
Fedora Release Engineering
17b27aa7b1 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 19:16:08 +00:00
Radovan Sroka
cc47ad2109 Rebase to v1.3.2
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-07-10 10:32:14 +02:00
Radovan Sroka
32d8ed48cf Update changelog and rebuild
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:35:43 +02:00
Radovan Sroka
419c239eb4 Rebase to fapolicyd v1.3.1 and selinux v0.6
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-15 17:30:07 +02:00
Radovan Sroka
8642d5655d - migrated to SPDX license
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-06-13 11:37:17 +02:00
Petr Písař
641efeefbb Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
2023-05-19 14:57:42 +02:00
Radovan Sroka
9db0c740b0 - SPDX Migration
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-03-15 12:26:55 +01:00
Radovan Sroka
2292734883 Rebase to v1.2
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2023-02-10 16:16:12 +01:00
Fedora Release Engineering
23487839d7 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 03:02:33 +00:00
Vit Mojzis
2e8800c45d tests: Add decentralized SELinux policy test
- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing
2023-01-04 12:21:14 +00:00
Radovan Sroka
f4df635448 Rebuild for eln
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-12-02 17:52:14 +01:00
Yaakov Selkowitz
79313b5a89 Apply RHEL patches last
The implicit declarations fix broke the ELN build due to overlapping
patches.  Applying the RHEL patches last, and adjusting them as needed
for Fedora changes, is the simplest way to make both builds successful.
2022-11-28 11:48:13 -05:00
Florian Weimer
49f103321f Avoid implicit declaration of rpmFreeCrypto
Related to:

  <https://fedoraproject.org/wiki/Changes/PortingToModernC>
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2022-11-28 11:58:06 +01:00
Radovan Sroka
ada077c995 Rebase to 1.1.7
fix build problem

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:15:08 +01:00
Radovan Sroka
4878f09f92 Rebase to 1.1.7
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-11-28 11:11:59 +01:00
Radovan Sroka
a99b7efd3e Fix eln building
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2022-09-29 14:19:15 +02:00