- Issued:
- 2020-11-30
- Updated:
- 2020-11-30
RHBA-2020:5242 - Bug Fix Advisory
Synopsis
fapolicyd bug fix update
Type/Severity
Bug Fix Advisory
Topic
An update for fapolicyd is now available for Red Hat Enterprise Linux 8.
Description
The fapolicyd software framework introduces a form of application whitelisting and blacklisting based on a user-defined policy. The application whitelisting feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.
Bug Fix:
- When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
(BZ#1897090)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 1897090 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix [rhel-8.3.0.z]
CVEs
(none)
References
(none)
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| fapolicyd-1.0-3.el8_3.3.src.rpm | SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b |
| x86_64 | |
| fapolicyd-1.0-3.el8_3.3.x86_64.rpm | SHA-256: 608a0b429d82a8afe9f47aebdb5dc2f62e3258801d5d7a15148a326ec3482a2d |
| fapolicyd-debuginfo-1.0-3.el8_3.3.x86_64.rpm | SHA-256: da792f53950c657bb63db3ad4c5540b8bc4891a7503d1d8c36b87fdbc82e4f85 |
| fapolicyd-debugsource-1.0-3.el8_3.3.x86_64.rpm | SHA-256: 17ad6314ec2986809fe20f35775238a2119b868f59270f568ddbc8498c9fc996 |
| fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm | SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| fapolicyd-1.0-3.el8_3.3.src.rpm | SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b |
| s390x | |
| fapolicyd-1.0-3.el8_3.3.s390x.rpm | SHA-256: 7debf58face8074bb14e9602914b50c9c7e0b8cb83012119821c54c489f110e5 |
| fapolicyd-debuginfo-1.0-3.el8_3.3.s390x.rpm | SHA-256: 0ca11a0e86fffb9cfc77e49700af7579359bfae1e1e96ce22c202dc4802ddf40 |
| fapolicyd-debugsource-1.0-3.el8_3.3.s390x.rpm | SHA-256: 344732756fdeb7e6cbaeed1ac5a33dd4931cee6bea74921350f1b5f804fef3f6 |
| fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm | SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3 |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| fapolicyd-1.0-3.el8_3.3.src.rpm | SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b |
| ppc64le | |
| fapolicyd-1.0-3.el8_3.3.ppc64le.rpm | SHA-256: cf144d13a23f99c29b6e22339f14b8a1af7a4f32a54e63342b3b4fe8e7b2f083 |
| fapolicyd-debuginfo-1.0-3.el8_3.3.ppc64le.rpm | SHA-256: d26c2ab8b9ae9c0b543de3606c9f93bc39eb92a5d4060e7897c5a5a7597a2581 |
| fapolicyd-debugsource-1.0-3.el8_3.3.ppc64le.rpm | SHA-256: f29fbfe0f5a1b156ce4da73663f4a688171a57b386184a5c6eacd8e6802e01d4 |
| fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm | SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| fapolicyd-1.0-3.el8_3.3.src.rpm | SHA-256: 55bd91045d220febd6d51fa35acd59f7a445d829ba24d279711cf03c18d9ff1b |
| aarch64 | |
| fapolicyd-1.0-3.el8_3.3.aarch64.rpm | SHA-256: 7524ae70da5d7df65797171b4d7b0186b59eee698a9c4b5c45970f36930275ef |
| fapolicyd-debuginfo-1.0-3.el8_3.3.aarch64.rpm | SHA-256: 5fe7f279c343b167ce0dd2844f58fbc2781f7072766a7eb69fdb090e73ed62c4 |
| fapolicyd-debugsource-1.0-3.el8_3.3.aarch64.rpm | SHA-256: 0b1955b86e57c8635a4ac77a258f7b1da55cd003fc54c21fa79a067f527314aa |
| fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm | SHA-256: 69ca74eabf5323196da08ee61f5d9d53cbfd72031bdb714dfb39dac090a5cff3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.