fapolicyd-1.3.3-100.el9 RPM for s390x

From CentOS Stream 9 AppStream for s390x

Fapolicyd (File Access Policy Daemon) implements application whitelisting
to decide file access rights. Applications that are known via a reputation
source are allowed access while unknown applications are not. The daemon
makes use of the kernel's fanotify interface to determine file access rights.

Provides

• fapolicyd
• config(fapolicyd)
• fapolicyd(s390-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• /usr/bin/sh
• config(fapolicyd) = 1.3.3-100.el9
• fapolicyd-plugin
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.13)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2)(64bit)
• libc.so.6(GLIBC_2.2.3)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.30)(64bit)
• libc.so.6(GLIBC_2.32)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libcap-ng.so.0()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• liblmdb.so.0.0.0()(64bit)
• libmagic.so.1()(64bit)
• librpm.so.9()(64bit)
• librpmio.so.9()(64bit)
• libseccomp.so.2()(64bit)
• libudev.so.1()(64bit)
• libudev.so.1(LIBUDEV_183)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)
• shadow-utils
• systemd-units
• systemd-units
• systemd-units

License

GPLv3+

Changelog

* Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.3-100
  RHEL 9.5.0 ERRATUM
  - rebase to fapolicyd-1.3.3 and fapolicyd-selinux-0.7
  Resolves: RHEL-36285
* Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-100
  RHEL 9.3.0 ERRATUM
  - Rebase fapolicyd to the latest stable version
  Resolves: RHEL-430
  - fapolicyd can leak FDs and never answer request, causing target process to hang forever
  Resolves: RHEL-621
  - RFE: send rule number to fanotify so it gets audited
  Resolves: RHEL-624
  - fapolicyd needs to make sure the FD limit is never reached
  Resolves: RHEL-623
  - fapolicyd still allows execution of a program after "untrusting" it
  Resolves: RHEL-622
  - Default q_size doesn't match manpage's one
  Resolves: RHEL-627
  - fapolicyd-cli --update then mount/umount twice causes fapolicyd daemon to block (state 'D')
  Resolves: RHEL-817
  - Fix broken backwards compatibility backend numbers
  Resolves: RHEL-730
  - SELinux prevents the fapolicyd from reading symlink (cert_t)
  Resolves: RHEL-816
* Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-104
  RHEL 9.2.0 ERRATUM
  - statically linked app can execute untrusted app
  Resolves: rhbz#2097077
  - fapolicyd ineffective with systemd DynamicUser=yes
  Resolves: rhbz#2136802
  - Starting manually fapolicyd while the service is already running breaks the system
  Resolves: rhbz#2160517
  - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
  Resolves: rhbz#2160518
  - fapolicyd: Introduce filtering of rpmdb
  Resolves: RHEL-192
* Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-102
  RHEL 9.1.0 ERRATUM
  - rebase fapolicyd to the latest stable vesion
  Resolves: rhbz#2100041
  - fapolicyd gets way too easily killed by OOM killer
  Resolves: rhbz#2097385
  - fapolicyd does not correctly handle SIGHUP
  Resolves: rhbz#2070655
  - Introduce ppid rule attribute
  Resolves: rhbz#2102558
  - fapolicyd often breaks package updates
  Resolves: rhbz#2111244
  - drop libgcrypt in favour of openssl
  Resolves: rhbz#2111938
  - Remove dnf plugin
  Resolves: rhbz#2113959
  - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
  Resolves: rhbz#2115849
* Thu Jun 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-104
  RHEL 9.1.0 ERRATUM
  - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path
  Resolves: rhbz#2069123
  - Faulty handling of static applications
  Resolves: rhbz#2096457
* Sun Apr 03 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-101
  RHEL 9.1.0 ERRATUM
  - fapolicyd denies access to /usr/lib64/ld-2.28.so
  Resolves: rhbz#2067493
* Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-100
  RHEL 9.0.0 ERRATUM
  - rebase to 1.1
  Resolves: rhbz#2032408
  - introduce rules.d
  Resolves: rhbz#2054740
  - remove pretrans scriptlet
  Resolve: rhbz#2051481
* Tue Dec 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-101
  RHEL 9.0.0 ERRATUM
  - rebase to 1.0.4
  - added rpm_sha256_only option
  - added trust.d directory
  - allow file names with whitespaces in trust files
  - use full paths in trust files
  Resolves: rhbz#2032408
  - fix libc.so getting identified as application/x-executable
  Resolves: rhbz#2015307
  - fix selinux DSP module definition in spec file
  Resolves: rhbz#2014449
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.3-4
  - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
    Related: rhbz#1991688
* Tue Jul 20 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-3
  RHEL 9 BETA
  - SELinux prevents fapolicyd from watch_mount/watch_with_perm on /dev/shm
  Resolves: rhbz#1932225
  Resolves: rhbz#1977731

Files

/etc/bash_completion.d/fapolicyd.bash_completion
/etc/fapolicyd
/etc/fapolicyd/compiled.rules
/etc/fapolicyd/fapolicyd-filter.conf
/etc/fapolicyd/fapolicyd.conf
/etc/fapolicyd/fapolicyd.rules
/etc/fapolicyd/fapolicyd.trust
/etc/fapolicyd/rules.d
/etc/fapolicyd/rules.d/*
/etc/fapolicyd/trust.d
/run/fapolicyd
/run/fapolicyd/fapolicyd.fifo
/usr/lib/.build-id
/usr/lib/.build-id/0f
/usr/lib/.build-id/0f/9c29805e93e27b5673b14191784ab40190e853
/usr/lib/.build-id/93
/usr/lib/.build-id/93/fadbf78743d98f75c3ec7cd3893400064b7c27
/usr/lib/systemd/system/fapolicyd.service
/usr/lib/tmpfiles.d/fapolicyd.conf
/usr/sbin/fagenrules
/usr/sbin/fapolicyd
/usr/sbin/fapolicyd-cli
/usr/share/doc/fapolicyd
/usr/share/doc/fapolicyd/README.md
/usr/share/fapolicyd
/usr/share/fapolicyd/default-ruleset.known-libs
/usr/share/fapolicyd/fapolicyd-magic.mgc
/usr/share/fapolicyd/sample-rules
/usr/share/fapolicyd/sample-rules/10-languages.rules
/usr/share/fapolicyd/sample-rules/20-dracut.rules
/usr/share/fapolicyd/sample-rules/21-updaters.rules
/usr/share/fapolicyd/sample-rules/22-buildroot.rules
/usr/share/fapolicyd/sample-rules/30-patterns.rules
/usr/share/fapolicyd/sample-rules/40-bad-elf.rules
/usr/share/fapolicyd/sample-rules/41-shared-obj.rules
/usr/share/fapolicyd/sample-rules/42-trusted-elf.rules
/usr/share/fapolicyd/sample-rules/43-known-elf.rules
/usr/share/fapolicyd/sample-rules/70-trusted-lang.rules
/usr/share/fapolicyd/sample-rules/71-known-python.rules
/usr/share/fapolicyd/sample-rules/72-shell.rules
/usr/share/fapolicyd/sample-rules/73-known-perl.rules
/usr/share/fapolicyd/sample-rules/74-known-ocaml.rules
/usr/share/fapolicyd/sample-rules/75-known-php.rules
/usr/share/fapolicyd/sample-rules/76-known-ruby.rules
/usr/share/fapolicyd/sample-rules/77-known-lua.rules
/usr/share/fapolicyd/sample-rules/90-deny-execute.rules
/usr/share/fapolicyd/sample-rules/91-deny-lang.rules
/usr/share/fapolicyd/sample-rules/95-allow-open.rules
/usr/share/fapolicyd/sample-rules/README-rules
/usr/share/licenses/fapolicyd
/usr/share/licenses/fapolicyd/COPYING
/usr/share/man/man5/fapolicyd-filter.conf.5.gz
/usr/share/man/man5/fapolicyd.conf.5.gz
/usr/share/man/man5/fapolicyd.rules.5.gz
/usr/share/man/man5/fapolicyd.trust.5.gz
/usr/share/man/man5/rpm-filter.conf.5.gz
/usr/share/man/man8/fagenrules.8.gz
/usr/share/man/man8/fapolicyd-cli.8.gz
/usr/share/man/man8/fapolicyd.8.gz
/var/lib/fapolicyd
/var/lib/fapolicyd/data.mdb
/var/lib/fapolicyd/lock.mdb
/var/log/fapolicyd-access.log

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 30 06:26:07 2025