From 34bdf6e5b0a1f2479571007adbaa753a29c72033 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Dec 10 2021 17:07:27 +0000 Subject: Rebase to 1.0.4 Signed-off-by: Radovan Sroka --- diff --git a/.gitignore b/.gitignore index a3c9c6e..18b62ae 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /fapolicyd-selinux-0.4.tar.gz /uthash-2.3.0.tar.gz /fapolicyd-1.0.3.tar.gz +/fapolicyd-1.0.4.tar.gz diff --git a/fapolicyd-revert-watch-selinux.patch b/fapolicyd-revert-watch-selinux.patch deleted file mode 100644 index 17cd1db..0000000 --- a/fapolicyd-revert-watch-selinux.patch +++ /dev/null @@ -1,39 +0,0 @@ -From c61dbd615b73c1fa0d66943e35ce6475f64ef7a9 Mon Sep 17 00:00:00 2001 -From: Radovan Sroka -Date: Thu, 25 Mar 2021 21:38:45 +0100 -Subject: [PATCH] Revert "Allow fapolicyd watch directories" - -This reverts commit ed8aac4ef057fc7e5051041bbf7e9bb6dfb12915. ---- - fapolicyd.te | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fapolicyd.te -index f5d0052..bd71e0f 100644 ---- a/fapolicyd-selinux-0.4/fapolicyd.te -+++ b/fapolicyd-selinux-0.4/fapolicyd.te -@@ -63,21 +63,11 @@ domain_read_all_domains_state(fapolicyd_t) - - files_mmap_usr_files(fapolicyd_t) - files_read_all_files(fapolicyd_t) --files_watch_mount_generic_tmp_dirs(fapolicyd_t) --files_watch_with_perm_generic_tmp_dirs(fapolicyd_t) --files_watch_mount_root_dirs(fapolicyd_t) --files_watch_with_perm_root_dirs(fapolicyd_t) -- - fs_getattr_xattr_fs(fapolicyd_t) --fs_watch_mount_tmpfs_dirs(fapolicyd_t) --fs_watch_with_perm_tmpfs_dirs(fapolicyd_t) - - logging_send_syslog_msg(fapolicyd_t) - dbus_system_bus_client(fapolicyd_t) - --userdom_watch_mount_tmp_dirs(fapolicyd_t) --userdom_watch_with_perm_tmp_dirs(fapolicyd_t) -- - optional_policy(` - rpm_read_db(fapolicyd_t) - allow fapolicyd_t rpm_var_lib_t:file { create }; --- -2.26.3 - diff --git a/fapolicyd.spec b/fapolicyd.spec index 844e3b2..df8fb60 100644 --- a/fapolicyd.spec +++ b/fapolicyd.spec @@ -4,8 +4,8 @@ Summary: Application Whitelisting Daemon Name: fapolicyd -Version: 1.0.3 -Release: 4%{?dist} +Version: 1.0.4 +Release: 1%{?dist} License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -115,6 +115,7 @@ install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{n install -p -m 644 init/%{name}.rules.known-libs %{buildroot}/%{_sysconfdir}/%{name}/%{name}.rules mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name} mkdir -p %{buildroot}/run/%{name} +mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d # selinux install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} @@ -166,6 +167,7 @@ end %attr(755,root,%{name}) %dir %{_datadir}/%{name} %attr(644,root,%{name}) %{_datadir}/%{name}/%{name}.rules.* %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name} +%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules @@ -207,6 +209,10 @@ fi %changelog +* Fri Dec 10 2021 Radovan Sroka - 1.0.4-1 +- rebase to 1.0.4 +- enable trust.d folder + * Wed Sep 01 2021 Radovan Sroka - 1.0.3-4 - selinux: use watch perm correctly diff --git a/sources b/sources index 12712b1..4850341 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (fapolicyd-1.0.3.tar.gz) = 5ec48d6c3ab6312c3ad4cc23e04fe03c5288baee9ee796ae944a539b082176f9fe03ad04edb8442af194d224b888e81addc5f84d4c1a368618a2a590a17c16a1 +SHA512 (fapolicyd-1.0.4.tar.gz) = 08a8625b1ad9a383359435605595b17a537c7ca889ad0b8d6acdf5d27e98dc38f557187a54e5320d9eeb624999f19526cc29c2e43449033f4f086e0bef142d7b SHA512 (fapolicyd-selinux-0.4.tar.gz) = afc74b9c55c71bec2039d112e8e16abc510b58bf794bd665f3128a63daa45572a6f18d1c4de1f63e45a01f8696aacfbf54ed2a07485d581f25446b7fe92307a2 SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294