-
Wed Oct 18 2023 EL Errata <el-errata_ww@oracle.com> - 1.3.2-1.0.1
- Increase db_max_size to 100M
-
Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-1
RHEL 8.9.0 ERRATUM
- Rebase fapolicyd to the latest stable version
Resolves: RHEL-519
- RFE: send rule number to fanotify so it gets audited
Resolves: RHEL-628
- Default q_size doesn't match manpage's one
Resolves: RHEL-629
- fapolicyd can leak FDs and never answer request, causing target process to hang forever
Resolves: RHEL-632
- fapolicyd needs to make sure the FD limit is never reached
Resolves: RHEL-631
- fapolicyd still allows execution of a program after "untrusting" it
Resolves: RHEL-630
- Fix broken backwards compatibility backend numbers
Resolves: RHEL-731
- fapolicyd can create RPM DB files /var/lib/rpm/__db.xxx with bad ownership causing AVCs to occur
Resolves: RHEL-829
- SELinux prevents the fapolicyd from reading symlink (cert_t)
Resolves: RHEL-820
-
Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-12
RHEL 8.8.0 ERRATUM
- statically linked app can execute untrusted app
Resolves: rhbz#2088349
- Starting manually fapolicyd while the service is already running breaks the system
Resolves: rhbz#2103352
- Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
Resolves: rhbz#2087040
- fapolicyd: Introduce filtering of rpmdb
Resolves: rhbz#2165645
-
Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8
RHEL 8.7.0 ERRATUM
- rebase fapolicyd to the latest stable vesion
Resolves: rhbz#2100087
- fapolicyd does not correctly handle SIGHUP
Resolves: rhbz#2070639
- fapolicyd often breaks package updates
Resolves: rhbz#2111243
- drop libgcrypt in favour of openssl
Resolves: rhbz#2111935
- fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
Resolves: rhbz#2103914
- fapolicyd gets way too easily killed by OOM killer
Resolves: rhbz#2100089
- compiled.rules file ownership and mode
Resolves: rhbz#2066653
- Faulty handling of static applications
Resolves: rhbz#2084497
- Introduce ppid rule attribute
Resolves: rhbz#2102563
- CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.7.0]
Resolves: rhbz#2069121
- Fapolicyd denies access to /usr/lib64/ld-2.28.so [rhel-8.7.0]
Resolves: rhbz#2068105
-
Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1
RHEL 8.6.0 ERRATUM
- rebase to 1.1
Resolves: rhbz#1939379
- introduce rules.d feature
Resolves: rhbz#2054741
- remove pretrans scriptlet
Resolves: rhbz#2051485
-
Mon Dec 13 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-2
RHEL 8.6.0 ERRATUM
- rebase to 1.0.4
- added rpm_sha256_only option
- added trust.d directory
- allow file names with whitespace in trust files
- use full paths in trust files
Resolves: rhbz#1939379
- fix libc.so getting identified as application/x-executable
Resolves: rhbz#1989272
- fix fapolicyd-dnf-plugin reporting as '<invalid>'
Resolves: rhbz#1997414
- fix selinux DSP module definition in spec file
Resolves: rhbz#2014445
-
Thu Aug 19 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-7
- fapolicyd abnormally exits by executing sosreport
- fixed multiple problems with unlink()
- fapolicyd breaks system upgrade, leaving system in dead state - complete fix
Resolves: rhbz#1943251
-
Tue Feb 16 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-3
RHEL 8.4.0 ERRATUM
- rebase to 1.0.2
- strong dependency on rpm/rpm-plugin-fapolicyd
- installed dnf-plugin is dummy and we are not using it anymore
- enabled integrity setting
Resolves: rhbz#1887451
- added make check
- Adding DISA STIG during OS installation causes 'ipa-server-install' to fail
- fixed java detection
Resolves: rhbz#1895435
- dnf update fails when fapolicyd is enabled
Resolves: rhbz#1876975
- fapolicyd breaks system upgrade, leaving system in dead state - complete fix
Resolves: rhbz#1896875
-
Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3
RHEL 8.3 ERRATUM
- fixed manpage fapolicyd-conf
Resolves: rhbz#1817413
-
Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-2
RHEL 8.3 ERRATUM
- rebase to v1.0
- installed multiple policies to /usr/share/fapolicyd
- known-libs (default)
- restrictive
- installed fapolicyd.trust file
- enhanced fapolicyd-cli
Resolves: rhbz#1817413
- introduced fapolicyd-selinux that provides SELinux policy module
Resolves: rhbz#1714529