diff --git a/.fapolicyd.metadata b/.fapolicyd.metadata new file mode 100644 index 0000000..c01d975 --- /dev/null +++ b/.fapolicyd.metadata @@ -0,0 +1 @@ +f447f4a915c007d376d719a071b5fd2ae47480dd SOURCES/fapolicyd-0.8.9.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f399b16 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/fapolicyd-0.8.9.tar.gz diff --git a/SPECS/fapolicyd.spec b/SPECS/fapolicyd.spec new file mode 100644 index 0000000..6ebfb52 --- /dev/null +++ b/SPECS/fapolicyd.spec @@ -0,0 +1,107 @@ +Summary: Application Whitelisting Daemon +Name: fapolicyd +Version: 0.8.9 +Release: 1%{?dist} +License: GPLv3+ +URL: http://people.redhat.com/sgrubb/fapolicyd +Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz +BuildRequires: kernel-headers +BuildRequires: autoconf automake make gcc libtool +BuildRequires: systemd-devel libgcrypt-devel rpm-devel file-devel +BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel +BuildRequires: python3-devel +Requires(pre): shadow-utils +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + + +%description +Fapolicyd (File Access Policy Daemon) implements application whitelisting +to decide file access rights. Applications that are known via a reputation +source are allowed access while unknown applications are not. The daemon +makes use of the kernel's fanotify interface to determine file access rights. + +%prep +%setup -q + +%build +./autogen.sh +%configure --with-audit +make CFLAGS="%{optflags}" %{?_smp_mflags} + +%install +make DESTDIR="%{buildroot}" INSTALL='install -p' install +mkdir -p %{buildroot}/%{python3_sitelib}/dnf-plugins/ +install -p -m 644 dnf/%{name}-dnf-plugin.py %{buildroot}/%{python3_sitelib}/dnf-plugins/ +install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf +mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name} +mkdir -p %{buildroot}/run/%{name} + +%pre +getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name} + +%post +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + +%postun +%systemd_postun_with_restart %{name}.service + +%files +%doc README.md +%{!?_licensedir:%global license %%doc} +%license COPYING +%attr(750,root,%{name}) %dir %{_sysconfdir}/%{name} +%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules +%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.mounts +%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf +%attr(644,root,root) %{_unitdir}/%{name}.service +%attr(644,root,root) %{_tmpfilesdir}/%{name}.conf +%attr(755,root,root) %{_sbindir}/%{name} +%attr(755,root,root) %{_sbindir}/%{name}-cli +%attr(644,root,root) %{_mandir}/man8/* +%attr(644,root,root) %{_mandir}/man5/* +%ghost %{_localstatedir}/log/%{name}-access.log +%attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name} +%attr(770,root,%{name}) %dir /run/%{name} +%ghost %{_localstatedir}/run/%{name}/%{name}.fifo +%ghost %{_localstatedir}/lib/%{name}/data.mdb +%ghost %{_localstatedir}/lib/%{name}/lock.mdb +%{python3_sitelib}/dnf-plugins/%{name}-dnf-plugin.py +%{python3_sitelib}/dnf-plugins/__pycache__/%{name}-dnf-plugin.*.pyc + +%changelog +* Mon May 06 2019 Radovan Sroka - 0.8.9-1 +- New upstream release +- imported from fedora30 + resolves: rhbz#1673323 + +* Wed Mar 13 2019 Radovan Sroka - 0.8.8-2 +- backport some patches to resolve dac_override for fapolicyd + +* Mon Mar 11 2019 Radovan Sroka - 0.8.8-1 +- New upstream release +- Added new DNF plugin that can update the trust database when rpms are installed +- Added support for FAN_OPEN_EXEC_PERM + +* Thu Jan 31 2019 Fedora Release Engineering - 0.8.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + + +* Wed Oct 03 2018 Steve Grubb 0.8.7-1 +- New upstream bugfix release + +* Fri Jul 13 2018 Fedora Release Engineering - 0.8.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jun 07 2018 Steve Grubb 0.8.6-1 +- New upstream feature release + +* Fri May 18 2018 Steve Grubb 0.8.5-2 +- Add dist tag (#1579362) + +* Fri Feb 16 2018 Steve Grubb 0.8.5-1 +- New release