From 4ffeb28e23389014c3d84c28bf8860bfcd52ead4 Mon Sep 17 00:00:00 2001
From: Radovan Sroka
Date: Feb 24 2020 13:20:46 +0000
Subject: Rebase fapolicyd to 0.9.3
- dramatically improved startup time
- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
- file type identification has been improved
- trust database statistics have been added to the reports
---
diff --git a/.gitignore b/.gitignore
index b07fab8..484f681 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /fapolicyd-selinux-0.1.tar.gz
 /fapolicyd-selinux-0.2.tar.gz
 /fapolicyd-0.9.2.tar.gz
+/fapolicyd-0.9.3.tar.gz
diff --git a/fapolicyd-conf.patch b/fapolicyd-conf.patch
deleted file mode 100644
index f77509a..0000000
--- a/fapolicyd-conf.patch
+++ /dev/null
@@ -1,9 +0,0 @@
-diff -up ./init/fapolicyd.conf.fix ./init/fapolicyd.conf
---- ./init/fapolicyd.conf.fix 2020-02-03 12:18:23.775222689 +0100
-+++ ./init/fapolicyd.conf 2020-02-03 12:18:42.567359324 +0100
-@@ -14,4 +14,4 @@ db_max_size = 250
- subj_cache_size = 1024
- obj_cache_size = 6144
- watch_fs = ext2,ext3,ext4,tmpfs,xfs,vfat,iso9660
--trust = rpmdb,files
-+trust = rpmdb,file
diff --git a/fapolicyd.spec b/fapolicyd.spec
index 1a6c97c..fcf74ec 100644
--- a/fapolicyd.spec
+++ b/fapolicyd.spec
@@ -4,15 +4,15 @@
 Summary: Application Whitelisting Daemon
 Name: fapolicyd
-Version: 0.9.2
-Release: 2%{?dist}
+Version: 0.9.3
+Release: 1%{?dist}
 License: GPLv3+
 URL: http://people.redhat.com/sgrubb/fapolicyd
 Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
 Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
 BuildRequires: kernel-headers
 BuildRequires: autoconf automake make gcc libtool
-BuildRequires: systemd-devel libgcrypt-devel rpm-devel file-devel
+BuildRequires: systemd-devel libgcrypt-devel rpm-devel file-devel file
 BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
 BuildRequires: python3-devel
 Recommends: %{name}-selinux
@@ -21,8 +21,7 @@ Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
-Patch1: fapolicyd-conf.patch
-Patch2: selinux.patch
+Patch1: selinux.patch
 %description
 Fapolicyd (File Access Policy Daemon) implements application whitelisting
@@ -53,8 +52,7 @@ sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" ini
 sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules
 sed -i "s/%ld_so_path%/`find /usr/lib64/ -type f -name 'ld-2\.*.so' | sed 's/\//\\\\\//g'`/g" init/%{name}.rules
-%patch1 -p1 -b .default-conf
-%patch2 -p1 -b .selinux
+%patch1 -p1 -b .selinux
 %build
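Review bot: Dropping `Patch1: fapolicyd-conf.patch` (and its `%patch1 -p1 -b .default-conf` application in the %prep hunk) assumes the 0.9.3 tarball already ships `trust = rpmdb,file` in `init/fapolicyd.conf`; nothing in this diff shows that. The removed patch existed only to correct `rpmdb,files` to `rpmdb,file`, so if upstream still carries the old value the packaged default would name a trust backend the patch author considered wrong, which for an allow-listing daemon is presumably a silent loss of the file trust source. A cheap guard in %prep, `grep -q '^trust = rpmdb,file$' init/%{name}.conf`, would fail the build instead of shipping that default. Both the preamble and %prep continue outside their hunks.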
@@ -121,10 +119,11 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam
 %attr(644,root,root) %{_mandir}/man8/*
 %attr(644,root,root) %{_mandir}/man5/*
 %attr(644,root,root) %{_mandir}/man1/*
+%attr(644,root,root) %{_datadir}/%{name}/*
 %ghost %{_localstatedir}/log/%{name}-access.log
 %attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name}
 %attr(770,root,%{name}) %dir /run/%{name}
-%ghost %{_localstatedir}/run/%{name}/%{name}.fifo
+%ghost /run/%{name}/%{name}.fifo
 %ghost %{_localstatedir}/lib/%{name}/data.mdb
 %ghost %{_localstatedir}/lib/%{name}/lock.mdb
 %{python3_sitelib}/dnf-plugins/%{name}-dnf-plugin.py
@@ -149,6 +148,13 @@ fi
 %changelog
+* Mon Feb 24 2020 Radovan Sroka - 0.9.3-1
+- rebase fapolicyd to 0.9.3
+- dramatically improved startup time
+- fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
+- file type identification has been improved
+- trust database statistics have been added to the reports
+
 * Tue Feb 04 2020 Radovan Sroka - 0.9.2-2
 - Label all fifo_file as fapolicyd_var_run_t in /var/run.
 - Allow fapolicyd_t domain to create fifo files labeled as
diff --git a/sources b/sources
index d43675a..1f42216 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (fapolicyd-0.9.2.tar.gz) = 472282f2bf31788e3fb4e41648ddbffe2c550396bd371bb85f685773de76333bd55abd63e0145d6abe3b2c8bf72946138448eb0582bb693893310f81741a201b
+SHA512 (fapolicyd-0.9.3.tar.gz) = e605bc0f90d5deb623af474ecad9b6497d152706699a1887509cdabdc4f06ba7a0d09f896cbe324542e7dfe0f988ad6755e1790988ec269d0f60c6962a6a243a
 SHA512 (fapolicyd-selinux-0.2.tar.gz) = 9ffefab4102168be672a9e84b2fff3c4fbabf65b77432a4b4e6f9619b13e23dba27c2fb5e5015830b90104aff50d7ef21337de137d14d622970c1f17accf23ad
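Review bot: The added `%attr(644,root,root) %{_datadir}/%{name}/*` line packages the contents of the data directory but not the directory itself, so `%{_datadir}/%{name}` ends up unowned and its mode and owner are not recorded for `rpm -V`. Adding `%dir %attr(755,root,root) %{_datadir}/%{name}` ahead of the glob would fix that. The glob would also stamp mode 644 on any subdirectory a later release adds there, so naming the shipped files explicitly is safer; what 0.9.3 installs in that directory is not visible in this diff. The %files section starts and ends outside the hunk.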