- Issued:
- 2020-11-30
- Updated:
- 2020-11-30
RHBA-2020:5243 - Bug Fix Advisory
Synopsis
fapolicyd bug fix update
Type/Severity
Bug Fix Advisory
Topic
An update for fapolicyd is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Description
The fapolicyd software framework introduces a form of application whitelisting
and blacklisting based on a user-defined policy. The application whitelisting
feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.
Bug Fix:
- When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such
applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
(BZ#1897091)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 1897091 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix [rhel-8.2.0.z]
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| x86_64 | |
| fapolicyd-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 1f2fc3609ac383b5b0d91a604be02e9c07f07cf5344ca8815c4371dc202f005c |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 0aaa513d2f2af4dc666a14ed19151040ac7b35245bd9e71fdefb42d030d67adc |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 51b3f00539a007c4639f802a382f784a68fb3c45cd17e191116d59168fbe1701 |
Red Hat Enterprise Linux Server - AUS 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| x86_64 | |
| fapolicyd-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 1f2fc3609ac383b5b0d91a604be02e9c07f07cf5344ca8815c4371dc202f005c |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 0aaa513d2f2af4dc666a14ed19151040ac7b35245bd9e71fdefb42d030d67adc |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 51b3f00539a007c4639f802a382f784a68fb3c45cd17e191116d59168fbe1701 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| s390x | |
| fapolicyd-0.9.1-4.el8_2.3.s390x.rpm | SHA-256: 988c05998bfda9c4b3dc79948374ab4bb0b70cfe21ac4428f29ab6b99e89b9b9 |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.s390x.rpm | SHA-256: eff7695b753f95ee1f9b82ac88307f7ad691555c14d39a894f3362bb101bbc06 |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.s390x.rpm | SHA-256: 60c6d7d649b31d80de18a001a17eae786fabe32ab20c26c35f80dd547dc29502 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| ppc64le | |
| fapolicyd-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: d97a4eb1c1921337a9650b1358e24c1b5f7682dbaee3cdd40640a11a412e24d8 |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: d5ae63c248577917d2b4ee18fbde6e42ad821dc82fd7a5f828fb39245f88c775 |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: 27f473398dfd4fafed0bf791be4fdda430b87142e3b5e312d493a516650d6370 |
Red Hat Enterprise Linux Server - TUS 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| x86_64 | |
| fapolicyd-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 1f2fc3609ac383b5b0d91a604be02e9c07f07cf5344ca8815c4371dc202f005c |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 0aaa513d2f2af4dc666a14ed19151040ac7b35245bd9e71fdefb42d030d67adc |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 51b3f00539a007c4639f802a382f784a68fb3c45cd17e191116d59168fbe1701 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| aarch64 | |
| fapolicyd-0.9.1-4.el8_2.3.aarch64.rpm | SHA-256: e42bc78c4ba8d7885c60821f3785d006aafe4ab6df8be0bbfeb32d1fad5b5166 |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.aarch64.rpm | SHA-256: 814320fe00f9e57954f2dab470cdf36e4f908465a46234636ffc17456ac8afc9 |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.aarch64.rpm | SHA-256: 4ab14adc235e09a7c47b5611f5f3fd9a04524ae2004e83c05359bd2b286f45e5 |
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| ppc64le | |
| fapolicyd-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: d97a4eb1c1921337a9650b1358e24c1b5f7682dbaee3cdd40640a11a412e24d8 |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: d5ae63c248577917d2b4ee18fbde6e42ad821dc82fd7a5f828fb39245f88c775 |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.ppc64le.rpm | SHA-256: 27f473398dfd4fafed0bf791be4fdda430b87142e3b5e312d493a516650d6370 |
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2
| SRPM | |
|---|---|
| fapolicyd-0.9.1-4.el8_2.3.src.rpm | SHA-256: f394e312e025305dcbe2106397c75ff349e3ae02b12b38b820347f85ca4deb5d |
| x86_64 | |
| fapolicyd-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 1f2fc3609ac383b5b0d91a604be02e9c07f07cf5344ca8815c4371dc202f005c |
| fapolicyd-debuginfo-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 0aaa513d2f2af4dc666a14ed19151040ac7b35245bd9e71fdefb42d030d67adc |
| fapolicyd-debugsource-0.9.1-4.el8_2.3.x86_64.rpm | SHA-256: 51b3f00539a007c4639f802a382f784a68fb3c45cd17e191116d59168fbe1701 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.