diff --git a/.gitignore b/.gitignore index 62edc35..a8c404c 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ /fapolicyd-0.8.8.tar.gz /fapolicyd-0.8.9.tar.gz /fapolicyd-0.8.10.tar.gz +/fapolicyd-0.9.tar.gz diff --git a/fapolicyd.spec b/fapolicyd.spec index 30d7b5a..f12bdd7 100644 --- a/fapolicyd.spec +++ b/fapolicyd.spec @@ -1,7 +1,7 @@ Summary: Application Whitelisting Daemon Name: fapolicyd -Version: 0.8.10 -Release: 2%{?dist} +Version: 0.9 +Release: 1%{?dist} License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -15,7 +15,6 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -Patch1: python.patch %description Fapolicyd (File Access Policy Daemon) implements application whitelisting @@ -27,8 +26,6 @@ makes use of the kernel's fanotify interface to determine file access rights. %setup -q -%patch1 -p1 -b .python - sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules @@ -63,7 +60,6 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam %license COPYING %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name} %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules -%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.mounts %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf %attr(644,root,root) %{_unitdir}/%{name}.service %attr(644,root,root) %{_tmpfilesdir}/%{name}.conf @@ -71,6 +67,7 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam %attr(755,root,root) %{_sbindir}/%{name}-cli %attr(644,root,root) %{_mandir}/man8/* %attr(644,root,root) %{_mandir}/man5/* +%attr(644,root,root) %{_mandir}/man1/* %ghost %{_localstatedir}/log/%{name}-access.log %attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name} %attr(770,root,%{name}) %dir /run/%{name} @@ -81,6 +78,9 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam %{python3_sitelib}/dnf-plugins/__pycache__/%{name}-dnf-plugin.*.pyc %changelog +* Mon Oct 07 2019 Radovan Sroka - 0.9-1 +- rebase to v0.9 + * Thu Oct 03 2019 Miro HronĨok - 0.8.10-2 - Rebuilt for Python 3.8.0rc1 (#1748018) diff --git a/python.patch b/python.patch deleted file mode 100644 index 98fd644..0000000 --- a/python.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules ---- ./init/fapolicyd.rules.fix 2019-08-30 12:59:02.997181607 +0200 -+++ ./init/fapolicyd.rules 2019-08-30 13:00:21.639034651 +0200 -@@ -11,7 +11,7 @@ deny_audit pattern=ld_so all - # We have to carve out an exception for the system updaters - # or things go very bad (deadlock). - allow exe=/usr/bin/rpm all --allow exe=/usr/bin/python3.6 comm=dnf all -+allow exe=%python3_path% comm=dnf all - - # Don't allow untrusted executables - deny_audit exe_dir=execdirs exe=untrusted all -@@ -31,10 +31,10 @@ deny_audit all ftype=application/x-share - # Only allow system python executables and libs - # File type by: file --mime-type /path-to-file - allow all dir=execdirs ftype=text/x-python --allow exe=/usr/bin/python3.6 dir=execdirs ftype=text/x-python --allow exe=/usr/bin/python3.6 dir=execdirs ftype=application/octet-stream --allow exe=/usr/bin/python2.7 dir=execdirs ftype=text/x-python --allow exe=/usr/bin/python2.7 dir=execdirs ftype=application/octet-stream -+allow exe=%python3_path% dir=execdirs ftype=text/x-python -+allow exe=%python3_path% dir=execdirs ftype=application/octet-stream -+allow exe=%python2_path% dir=execdirs ftype=text/x-python -+allow exe=%python2_path% dir=execdirs ftype=application/octet-stream - deny_audit all ftype=text/x-python - #deny_audit all ftype=application/octet-stream path=*.pyc - -@@ -72,4 +72,3 @@ deny_audit exe=/usr/bin/ruby all - - # Allow everything else - allow all all -- diff --git a/sources b/sources index 2b82c25..05d1f23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fapolicyd-0.8.10.tar.gz) = 7a316a1e4ccb6b4f09c37cb33a3dd309c16bdb47a936b3610204851024ef45a896538fd0f5d8322cb4903c7cb375caa4072d801f702b5265833944cc51a58945 +SHA512 (fapolicyd-0.9.tar.gz) = 9a7fc929730403cf1430051e8f2c34568f43e38119f2bb09393886f7d8880354941f70cca34a2da2ca5ad9d65bd1e4854037a0deb9d7b0656f841b33019e2146