diff --git a/SOURCES/fapolicyd-dracut.patch b/SOURCES/fapolicyd-dracut.patch new file mode 100644 index 0000000..9ae3d94 --- /dev/null +++ b/SOURCES/fapolicyd-dracut.patch @@ -0,0 +1,14 @@ +diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules +--- ./init/fapolicyd.rules.fix 2020-01-20 13:39:06.082916773 +0100 ++++ ./init/fapolicyd.rules 2020-01-20 13:41:45.088018967 +0100 +@@ -5,6 +5,10 @@ + # versions of python and the update utilities may need adjusting for + # your distribution. + ++# enable dracut ++allow uid=0 dir=/var/tmp/ ++allow uid=0 exe=/usr/lib64/ld-2.28.so dir=systemdir ++ + # Prevent execution by ld.so + deny_audit pattern=ld_so all + diff --git a/SPECS/fapolicyd.spec b/SPECS/fapolicyd.spec index e407dcf..e78779c 100644 --- a/SPECS/fapolicyd.spec +++ b/SPECS/fapolicyd.spec @@ -1,7 +1,7 @@ Summary: Application Whitelisting Daemon Name: fapolicyd Version: 0.8.10 -Release: 3%{?dist} +Release: 3%{?dist}.1 License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz @@ -25,6 +25,9 @@ Patch2: fapolicyd-dnf-output.patch # Added missing manpage for fapolicyd-cli Patch3: fapolicyd-manpage.patch +# Allow dracut in fapolicyd.rules +Patch4: fapolicyd-dracut.patch + %description Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation @@ -37,6 +40,7 @@ makes use of the kernel's fanotify interface to determine file access rights. %patch1 -p1 -b .hash %patch2 -p1 -b .dnf-output %patch3 -p1 -b .manpage +%patch4 -p1 -b .dracut %build ./autogen.sh @@ -88,6 +92,12 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam %{python3_sitelib}/dnf-plugins/__pycache__/%{name}-dnf-plugin.*.pyc %changelog +* Mon Jan 20 2020 Radovan Sroka - 0.8.10-3.1 +RHEL 8.1.Z +- fixed: fapolicyd blocks dracut from generating initramfs +- changed default fapolicyd.rules +Resolves: rhbz#1791856 + * Wed Jul 24 2019 Radovan Sroka - 0.8.10-3 - added missing manpage for fapolicyd-cli Resolves: rhbz#1708015