fapolicyd-1.0-3.el8.4
エラータID: AXSA:2021-1453:03
The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.
Bug Fix(es):
* When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
* Adding DISA STIG during OS installation causes 'ipa-server-install' to fail
Note: Due to the high impact of the issue that can cause systems to become unable to boot, we are releasing the same fix again in a security erratum to ensure proper visibility to users who only install security updates. This fix has not been changed in any way since the original bug fix erratum. This erratum does not provide any security fixes.
Update packages.
N/A
SRPMS
- fapolicyd-1.0-3.el8.4.src.rpm
MD5: c4f0ba0fc6d82735d8541e624058d4f0
SHA-256: df409e55e69d3d8cce5db29bd5bede437f506e08d276658ad336ec16808ed0f4
Size: 121.77 kB
Asianux Server 8 for x86_64
- fapolicyd-1.0-3.el8.4.x86_64.rpm
MD5: b70e73964ff9e937f688151a61c5fc72
SHA-256: e70959ebc59113c237a56642d80f2c8564b31735cbd309e25eb06304448d33a7
Size: 98.93 kB