- Rebase fapolicyd to the latest stable version Resolves: RHEL-519 - RFE: send rule number to fanotify so it gets audited Resolves: RHEL-628 - Default q_size doesn't match manpage's one Resolves: RHEL-629 - fapolicyd can leak FDs and never answer request, causing target process to hang forever Resolves: RHEL-632 - fapolicyd needs to make sure the FD limit is never reached Resolves: RHEL-631 - fapolicyd still allows execution of a program after "untrusting" it Resolves: RHEL-630 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
35 lines
1.2 KiB
Diff
35 lines
1.2 KiB
Diff
diff -up ./dnf/fapolicyd-dnf-plugin.py.fix ./dnf/fapolicyd-dnf-plugin.py
|
|
--- ./dnf/fapolicyd-dnf-plugin.py.fix 2023-06-20 13:21:21.098192421 +0200
|
|
+++ ./dnf/fapolicyd-dnf-plugin.py 2023-06-20 13:21:46.287412300 +0200
|
|
@@ -8,29 +8,10 @@ import sys
|
|
class Fapolicyd(dnf.Plugin):
|
|
|
|
name = "fapolicyd"
|
|
- pipe = "/run/fapolicyd/fapolicyd.fifo"
|
|
file = None
|
|
|
|
def __init__(self, base, cli):
|
|
pass
|
|
|
|
def transaction(self):
|
|
-
|
|
- if not os.path.exists(self.pipe):
|
|
- sys.stderr.write("Pipe does not exist (" + self.pipe + ")\n")
|
|
- sys.stderr.write("Perhaps fapolicy-plugin does not have enough permissions\n")
|
|
- sys.stderr.write("or fapolicyd is not running...\n")
|
|
- return
|
|
-
|
|
- if not stat.S_ISFIFO(os.stat(self.pipe).st_mode):
|
|
- sys.stderr.write(self.pipe + ": is not a pipe!\n")
|
|
- return
|
|
-
|
|
- try:
|
|
- self.file = open(self.pipe, "w")
|
|
- except PermissionError:
|
|
- sys.stderr.write("fapolicy-plugin does not have write permission: " + self.pipe + "\n")
|
|
- return
|
|
-
|
|
- self.file.write("1\n")
|
|
- self.file.close()
|
|
+ pass
|