alexk / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
Michal Domonkos 205cd9
commit 39595ccee321497dc3b08c7cab8a10304345429c
Michal Domonkos 205cd9
Author: Radovan Sroka <rsroka@redhat.com>
Michal Domonkos 205cd9
Date:   Tue Oct 27 16:18:04 2020 +0100
Michal Domonkos 205cd9
Michal Domonkos 205cd9
    Added fapolicyd rpm plugin
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    Fapolicyd (File Access Policy Daemon) implements application whitelisting
Michal Domonkos 205cd9
    to decide file access rights. Applications that are known via a reputation
Michal Domonkos 205cd9
    source are allowed access while unknown applications are not.
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    The rpm plugin allows us to use rpm database as a source of trust.
Michal Domonkos 205cd9
    We used dnf plugin since the beggining but it only provides notification
Michal Domonkos 205cd9
    when transaction ends. With "integrity checking" requirement we need
Michal Domonkos 205cd9
    a continual addition of files which are installed during the system
Michal Domonkos 205cd9
    update. With fapolicyd rpm plugin we can allow using of recently
Michal Domonkos 205cd9
    added/updated files in scriptlets during rpm transaction.
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    The fapolicyd plugin gathers metadata of currently installed files.
Michal Domonkos 205cd9
    It sends the information about files and about ongoing rpm transaction
Michal Domonkos 205cd9
    to the fapolicyd daemon. The information is written to Linux pipe which
Michal Domonkos 205cd9
    is placed in /var/run/fapolicyd/fapolicyd.fifo.
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    The data format is "%s %lu %64s\n". [path, size, sha256]
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    The fapolicyd rpm plugin can be enabled with "--with-fapolicyd"
Michal Domonkos 205cd9
    configure option.
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    Related PRs:
Michal Domonkos 205cd9
    https://github.com/linux-application-whitelisting/fapolicyd/pull/105
Michal Domonkos 205cd9
    https://github.com/linux-application-whitelisting/fapolicyd/pull/106
Michal Domonkos 205cd9
    
Michal Domonkos 205cd9
    Signed-off-by: Radovan Sroka <rsroka@redhat.com>
Michal Domonkos 205cd9
Michal Domonkos 205cd9
    Backported into 4.16.1.3, together with commit
Michal Domonkos 205cd9
    6d61b7118adcc14631b7ee5163a481472af940b8 (covscan fix)
Michal Domonkos 205cd9
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/configure.ac.orig rpm-4.16.1.3/configure.ac
Michal Domonkos 205cd9
--- rpm-4.16.1.3/configure.ac.orig	2021-03-22 11:05:07.311635968 +0100
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/configure.ac	2021-07-22 16:18:29.352006782 +0200
Michal Domonkos 205cd9
@@ -891,6 +891,14 @@ AS_IF([test "$enable_plugins" != no],[
Michal Domonkos 205cd9
 AM_CONDITIONAL(IMA, [test "x$ac_cv_func_lsetxattr" = xyes])
Michal Domonkos 205cd9
 
Michal Domonkos 205cd9
 #=================
Michal Domonkos 205cd9
+# Check for fapolicyd support
Michal Domonkos 205cd9
+AC_ARG_WITH(fapolicyd,
Michal Domonkos 205cd9
+AS_HELP_STRING([--with-fapolicyd],[build with File Access Policy Daemon support]),
Michal Domonkos 205cd9
+with_fapolicyd=$withval,
Michal Domonkos 205cd9
+with_fapolicyd=auto)
Michal Domonkos 205cd9
+AM_CONDITIONAL(FAPOLICYD,[test "$with_fapolicyd" = yes])
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+#=================
Michal Domonkos 205cd9
 # Check for audit library.
Michal Domonkos 205cd9
 AC_ARG_WITH(audit,
Michal Domonkos 205cd9
 AS_HELP_STRING([--with-audit],[Linux audit plugin]),
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/doc/Makefile.am.orig rpm-4.16.1.3/doc/Makefile.am
Michal Domonkos 205cd9
--- rpm-4.16.1.3/doc/Makefile.am.orig	2020-06-23 14:13:01.895628382 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/doc/Makefile.am	2021-07-22 16:18:29.352006782 +0200
Michal Domonkos 205cd9
@@ -25,6 +25,9 @@ endif
Michal Domonkos 205cd9
 if IMA
Michal Domonkos 205cd9
 man_man8_DATA += rpm-plugin-ima.8
Michal Domonkos 205cd9
 endif
Michal Domonkos 205cd9
+if FAPOLICYD
Michal Domonkos 205cd9
+man_man8_DATA += rpm-plugin-fapolicyd.8
Michal Domonkos 205cd9
+endif
Michal Domonkos 205cd9
 if SELINUX
Michal Domonkos 205cd9
 man_man8_DATA += rpm-plugin-selinux.8
Michal Domonkos 205cd9
 endif
Michal Domonkos 205cd9
@@ -37,6 +40,8 @@ endif
Michal Domonkos 205cd9
 EXTRA_DIST += rpm-plugins.8 rpm-plugin-prioreset.8 rpm-plugin-syslog.8 
Michal Domonkos 205cd9
 EXTRA_DIST += rpm-plugin-audit.8 rpm-plugin-systemd-inhibit.8 
Michal Domonkos 205cd9
 EXTRA_DIST += rpm-plugin-ima.8 rpm-plugin-selinux.8 rpm2archive.8
Michal Domonkos 205cd9
+EXTRA_DIST += rpm-plugin-fapolicyd.8
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
 
Michal Domonkos 205cd9
 man_fr_man8dir = $(mandir)/fr/man8
Michal Domonkos 205cd9
 man_fr_man8_DATA = fr/rpm.8
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/doc/rpm-plugin-fapolicyd.8.orig rpm-4.16.1.3/doc/rpm-plugin-fapolicyd.8
Michal Domonkos 205cd9
--- rpm-4.16.1.3/doc/rpm-plugin-fapolicyd.8.orig	2021-07-22 16:18:29.353006800 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/doc/rpm-plugin-fapolicyd.8	2021-07-22 16:18:29.353006800 +0200
Michal Domonkos 205cd9
@@ -0,0 +1,21 @@
Michal Domonkos 205cd9
+'\" t
Michal Domonkos 205cd9
+.TH "RPM-FAPOLICYD" "8" "28 Jan 2021" "Red Hat, Inc."
Michal Domonkos 205cd9
+.SH NAME
Michal Domonkos 205cd9
+rpm-plugin-fapolicyd \- Fapolicyd plugin for the RPM Package Manager
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+.SH Description
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+The plugin gathers metadata of currently installed files. It sends the
Michal Domonkos 205cd9
+information about files and about ongoing rpm transaction to the fapolicyd daemon.
Michal Domonkos 205cd9
+The information is written to Linux pipe which is placed in
Michal Domonkos 205cd9
+/var/run/fapolicyd/fapolicyd.fifo.
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+.SH Configuration
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+There are currently no options for this plugin in particular. See
Michal Domonkos 205cd9
+.BR rpm-plugins (8)
Michal Domonkos 205cd9
+on how to control plugins in general.
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+.SH SEE ALSO
Michal Domonkos 205cd9
+.IR fapolicyd (8)
Michal Domonkos 205cd9
+.IR rpm-plugins (8)
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/macros.in.orig rpm-4.16.1.3/macros.in
Michal Domonkos 205cd9
--- rpm-4.16.1.3/macros.in.orig	2021-07-22 16:18:20.525844141 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/macros.in	2021-07-22 16:19:36.196238525 +0200
Michal Domonkos 205cd9
@@ -1208,6 +1208,7 @@ package or when debugging this package.\
Michal Domonkos 205cd9
 %__transaction_selinux		%{__plugindir}/selinux.so
Michal Domonkos 205cd9
 %__transaction_syslog		%{__plugindir}/syslog.so
Michal Domonkos 205cd9
 %__transaction_ima		%{__plugindir}/ima.so
Michal Domonkos 205cd9
+%__transaction_fapolicyd	%{__plugindir}/fapolicyd.so
Michal Domonkos 205cd9
 %__transaction_prioreset	%{__plugindir}/prioreset.so
Michal Domonkos 205cd9
 %__transaction_audit		%{__plugindir}/audit.so
Michal Domonkos 205cd9
 
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/Makefile.am.orig rpm-4.16.1.3/Makefile.am
Michal Domonkos 205cd9
--- rpm-4.16.1.3/Makefile.am.orig	2021-07-22 16:18:29.350006745 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/Makefile.am	2021-07-22 16:19:18.223907346 +0200
Michal Domonkos 205cd9
@@ -14,6 +14,7 @@ DISTCHECK_CONFIGURE_FLAGS = \
Michal Domonkos 205cd9
 	--with-audit \
Michal Domonkos 205cd9
 	--with-selinux \
Michal Domonkos 205cd9
 	--with-imaevm \
Michal Domonkos 205cd9
+	--with-fapolicyd \
Michal Domonkos 205cd9
 	--disable-dependency-tracking
Michal Domonkos 205cd9
 
Michal Domonkos 205cd9
 include $(top_srcdir)/rpm.am
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/plugins/fapolicyd.c.orig rpm-4.16.1.3/plugins/fapolicyd.c
Michal Domonkos 205cd9
--- rpm-4.16.1.3/plugins/fapolicyd.c.orig	2021-07-22 16:18:29.356006855 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/plugins/fapolicyd.c	2021-07-22 16:18:35.380117862 +0200
Michal Domonkos 205cd9
@@ -0,0 +1,191 @@
Michal Domonkos 205cd9
+#include "system.h"
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+#include <rpm/rpmts.h>
Michal Domonkos 205cd9
+#include <rpm/rpmlog.h>
Michal Domonkos 205cd9
+#include "lib/rpmplugin.h"
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+#include <fcntl.h>
Michal Domonkos 205cd9
+#include <errno.h>
Michal Domonkos 205cd9
+#include <unistd.h>
Michal Domonkos 205cd9
+#include <sys/stat.h>
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+struct fapolicyd_data {
Michal Domonkos 205cd9
+    int fd;
Michal Domonkos 205cd9
+    long changed_files;
Michal Domonkos 205cd9
+    const char * fifo_path;
Michal Domonkos 205cd9
+};
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static struct fapolicyd_data fapolicyd_state = {
Michal Domonkos 205cd9
+    .fd = -1,
Michal Domonkos 205cd9
+    .changed_files = 0,
Michal Domonkos 205cd9
+    .fifo_path = "/run/fapolicyd/fapolicyd.fifo",
Michal Domonkos 205cd9
+};
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC open_fifo(struct fapolicyd_data* state)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    int fd = -1;
Michal Domonkos 205cd9
+    struct stat s;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    fd = open(state->fifo_path, O_RDWR);
Michal Domonkos 205cd9
+    if (fd == -1) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_DEBUG, "Open: %s -> %s\n", state->fifo_path, strerror(errno));
Michal Domonkos 205cd9
+        goto bad;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    if (stat(state->fifo_path, &s) == -1) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_DEBUG, "Stat: %s -> %s\n", state->fifo_path, strerror(errno));
Michal Domonkos 205cd9
+        goto bad;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    if (!S_ISFIFO(s.st_mode)) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_DEBUG, "File: %s exists but it is not a pipe!\n", state->fifo_path);
Michal Domonkos 205cd9
+        goto bad;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    /* keep only file's permition bits */
Michal Domonkos 205cd9
+    mode_t mode = s.st_mode & ~S_IFMT;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    /* we require pipe to have 0660 permission */
Michal Domonkos 205cd9
+    if (mode != 0660) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_ERR, "File: %s has %o instead of 0660 \n",
Michal Domonkos 205cd9
+               state->fifo_path,
Michal Domonkos 205cd9
+               mode );
Michal Domonkos 205cd9
+        goto bad;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    state->fd = fd;
Michal Domonkos 205cd9
+    /* considering success */
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ bad:
Michal Domonkos 205cd9
+    if (fd >= 0)
Michal Domonkos 205cd9
+        close(fd);
Michal Domonkos 205cd9
+    return RPMRC_FAIL;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC write_fifo(struct fapolicyd_data* state, const char * str)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    ssize_t len = strlen(str);
Michal Domonkos 205cd9
+    ssize_t written = 0;
Michal Domonkos 205cd9
+    ssize_t n = 0;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    while (written < len) {
Michal Domonkos 205cd9
+        if ((n = write(state->fd, str + written, len - written)) < 0) {
Michal Domonkos 205cd9
+            if (errno == EINTR || errno == EAGAIN)
Michal Domonkos 205cd9
+                continue;
Michal Domonkos 205cd9
+            rpmlog(RPMLOG_DEBUG, "Write: %s -> %s\n", state->fifo_path, strerror(errno));
Michal Domonkos 205cd9
+            goto bad;
Michal Domonkos 205cd9
+        }
Michal Domonkos 205cd9
+        written += n;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ bad:
Michal Domonkos 205cd9
+    return RPMRC_FAIL;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    if (rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS))
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    if (!rstreq(rpmtsRootDir(ts), "/"))
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    (void) open_fifo(&fapolicyd_state);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ end:
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static void fapolicyd_cleanup(rpmPlugin plugin)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    if (fapolicyd_state.fd > 0)
Michal Domonkos 205cd9
+        (void) close(fapolicyd_state.fd);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    fapolicyd_state.fd = -1;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    if (rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS))
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    /* we are ready */
Michal Domonkos 205cd9
+    if (fapolicyd_state.fd > 0) {
Michal Domonkos 205cd9
+        /* send a signal that transaction is over */
Michal Domonkos 205cd9
+        (void) write_fifo(&fapolicyd_state, "1\n");
Michal Domonkos 205cd9
+        /* flush cache */
Michal Domonkos 205cd9
+        (void) write_fifo(&fapolicyd_state, "2\n");
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ end:
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,
Michal Domonkos 205cd9
+                                     int type)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    if (fapolicyd_state.fd == -1)
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    if (fapolicyd_state.changed_files > 0) {
Michal Domonkos 205cd9
+        /* send signal to flush cache */
Michal Domonkos 205cd9
+        (void) write_fifo(&fapolicyd_state, "2\n");
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+        /* optimize flushing */
Michal Domonkos 205cd9
+        /* flush only when there was an actual change */
Michal Domonkos 205cd9
+        fapolicyd_state.changed_files = 0;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ end:
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
Michal Domonkos 205cd9
+                                        const char *path, const char *dest,
Michal Domonkos 205cd9
+                                        mode_t file_mode, rpmFsmOp op)
Michal Domonkos 205cd9
+{
Michal Domonkos 205cd9
+    /* not ready  */
Michal Domonkos 205cd9
+    if (fapolicyd_state.fd == -1)
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    rpmFileAction action = XFO_ACTION(op);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    /* Ignore skipped files and unowned directories */
Michal Domonkos 205cd9
+    if (XFA_SKIPPING(action) || (op & FAF_UNOWNED)) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_DEBUG, "fapolicyd skipping early: path %s dest %s\n",
Michal Domonkos 205cd9
+               path, dest);
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    if (!S_ISREG(rpmfiFMode(fi))) {
Michal Domonkos 205cd9
+        rpmlog(RPMLOG_DEBUG, "fapolicyd skipping non regular: path %s dest %s\n",
Michal Domonkos 205cd9
+               path, dest);
Michal Domonkos 205cd9
+        goto end;
Michal Domonkos 205cd9
+    }
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    fapolicyd_state.changed_files++;
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    char buffer[4096];
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    rpm_loff_t size = rpmfiFSize(fi);
Michal Domonkos 205cd9
+    char * sha = rpmfiFDigestHex(fi, NULL);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    snprintf(buffer, 4096, "%s %lu %64s\n", dest, size, sha);
Michal Domonkos 205cd9
+    (void) write_fifo(&fapolicyd_state, buffer);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+    free(sha);
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+ end:
Michal Domonkos 205cd9
+    return RPMRC_OK;
Michal Domonkos 205cd9
+}
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
+struct rpmPluginHooks_s fapolicyd_hooks = {
Michal Domonkos 205cd9
+    .init = fapolicyd_init,
Michal Domonkos 205cd9
+    .cleanup = fapolicyd_cleanup,
Michal Domonkos 205cd9
+    .scriptlet_pre = fapolicyd_scriptlet_pre,
Michal Domonkos 205cd9
+    .tsm_post = fapolicyd_tsm_post,
Michal Domonkos 205cd9
+    .fsm_file_prepare = fapolicyd_fsm_file_prepare,
Michal Domonkos 205cd9
+};
Michal Domonkos 205cd9
diff -up rpm-4.16.1.3/plugins/Makefile.am.orig rpm-4.16.1.3/plugins/Makefile.am
Michal Domonkos 205cd9
--- rpm-4.16.1.3/plugins/Makefile.am.orig	2021-07-22 16:18:23.022890155 +0200
Michal Domonkos 205cd9
+++ rpm-4.16.1.3/plugins/Makefile.am	2021-07-22 16:18:55.797494098 +0200
Michal Domonkos 205cd9
@@ -43,6 +43,12 @@ ima_la_LIBADD = $(top_builddir)/lib/libr
Michal Domonkos 205cd9
 plugins_LTLIBRARIES += ima.la
Michal Domonkos 205cd9
 endif
Michal Domonkos 205cd9
 
Michal Domonkos 205cd9
+if FAPOLICYD
Michal Domonkos 205cd9
+fapolicyd_la_sources = fapolicyd.c
Michal Domonkos 205cd9
+fapolicyd_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
Michal Domonkos 205cd9
+plugins_LTLIBRARIES += fapolicyd.la
Michal Domonkos 205cd9
+endif
Michal Domonkos 205cd9
+
Michal Domonkos 205cd9
 if AUDIT
Michal Domonkos 205cd9
 audit_la_sources = audit.c
Michal Domonkos 205cd9
 audit_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la @WITH_AUDIT_LIB@