- Issued:
- 2020-11-30
- Updated:
- 2020-11-30
RHBA-2020:5242 - fapolicyd bug fix update
Synopsis
fapolicyd bug fix update
Type/Severity
Bug Fix Advisory None
Topic
An update for fapolicyd is now available for Red Hat Enterprise Linux 8.
Description
The fapolicyd software framework introduces a form of application whitelisting and blacklisting based on a user-defined policy. The application whitelisting feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system.
Bug Fix:
- When an update replaces the binary of a running application, the kernel modifies the application binary path in memory by appending the " (deleted)" suffix. Previously, the fapolicyd file access policy daemon treated such applications as untrusted, and prevented them from opening and executing any other files. As a consequence, the system was sometimes unable to boot after applying updates.
With this update, fapolicyd ignores the suffix in the binary path so the binary can match the trust database. As a result, fapolicyd enforces the rules correctly and the update process can finish.
(BZ#1897090)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 | 8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 8.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension | 8.8 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension | 8.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension | 8.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Life Cycle | 8.10 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.8 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 8.4 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle | 8.10 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.8 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 8.4 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle | 8.10 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.8 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 8.4 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle | 8.10 | aarch64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.8 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.6 | ppc64le |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.4 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 8.8 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.6 | x86_64 |
| Red Hat Enterprise Linux Server - TUS | 8.4 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.6 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 8.4 | x86_64 |
Updated Packages
- fapolicyd-debugsource-1.0-3.el8_3.3.ppc64le.rpm
- fapolicyd-1.0-3.el8_3.3.s390x.rpm
- fapolicyd-1.0-3.el8_3.3.aarch64.rpm
- fapolicyd-debuginfo-1.0-3.el8_3.3.aarch64.rpm
- fapolicyd-1.0-3.el8_3.3.x86_64.rpm
- fapolicyd-1.0-3.el8_3.3.src.rpm
- fapolicyd-1.0-3.el8_3.3.ppc64le.rpm
- fapolicyd-debuginfo-1.0-3.el8_3.3.s390x.rpm
- fapolicyd-debuginfo-1.0-3.el8_3.3.x86_64.rpm
- fapolicyd-debugsource-1.0-3.el8_3.3.aarch64.rpm
- fapolicyd-debugsource-1.0-3.el8_3.3.s390x.rpm
- fapolicyd-debugsource-1.0-3.el8_3.3.x86_64.rpm
- fapolicyd-selinux-1.0-3.el8_3.3.noarch.rpm
- fapolicyd-debuginfo-1.0-3.el8_3.3.ppc64le.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.