v1.3.4

What's Changed

• Uniform separators in state log by @jw3 in #314
• Fix for rpmdb with SQLite3 backend by @radosroka in #317

Full Changelog: v1.3.3...v1.3.4

v1.3.3

What's Changed

• Fix CI by @radosroka in #250
• Fix multiple leaks by @radosroka in #251
• Ci enablement by @sopos in #245
• Fix doc typo for SIGTERM by @epryan in #252
• Initial creation of debian package. by @stridge-cruxml in #255
• Update notify.c for issue #254 by @wjhunter3 in #257
• Reset the dpkg hash table before populating it again. by @stridge-cruxml in #260
• Fix build package when user has more than 16 supplementary groups by @iwamatsu in #268
• use master head of the fapolicyd-selinux by @sopos in #269
• Protect system from deadly signals received by fapolicyd by @rmetrich in #273
• Ensure that /run/fapolicyd exists before performing file operations by @Kangie in #271
• Stop blocking signals in other threads by @rmetrich in #276
• Improve logging: make stderr output more colourful; add timestamps by @Kangie in #275
• Extract MD5 logic for reuse by @Kangie in #277
• Identify ruleset with sha by @jw3 in #279
• Add --reload-rules doc by @jw3 in #283
• Fix 'error label at end of compound statement' by @radosroka in #289
• Add --with-asan for configure by @radosroka in #282
• Regen patch for uthash bundling by @radosroka in #290
• Use asan in packit by @radosroka in #291
• Update README.md by @topimiettinen in #296
• Configurable metric reporting interval by @jw3 in #284
• ID begins with a digit or minus sign by @skosachiov in #294
• Make fd_fgets thread safe by @radosroka in #299

New Contributors

• @epryan made their first contribution in #252
• @wjhunter3 made their first contribution in #257
• @rmetrich made their first contribution in #273
• @Kangie made their first contribution in #271
• @jw3 made their first contribution in #279
• @topimiettinen made their first contribution in #296
• @skosachiov made their first contribution in #294

Full Changelog: v1.3.2...v1.3.3

v1.3.2

What's Changed

• Sync the default q_size value with manpage by @radosroka in #248
• Fix broken backwards compatibility backend numbers by @radosroka in #249
• Spec tweaks by @sopos in #242
• Fixed multiple leaks found by coverity and valgrind

Full Changelog: v1.3.1...v1.3.2

v1.3.1

What's Changed

• Fix uncomplete 331a38e by @radosroka in #247

Full Changelog: v1.3...v1.3.1

v1.3

What's Changed

• Add shell escaping for syslog output by @radosroka in #226
• Convert to SPDX compatible license tag by @radosroka in #229
• Introduce format number 3 in a trust file by @radosroka in #231
• Implement unascape capability for mounts by @radosroka in #232
• Dont use "config" in the rule managament methods by @radosroka in #234
• Fix error path when appending to queue by @radosroka in #236
• Initial debdb implementation. by @stridge-cruxml in #230
• Rename filter file in fapolicyd by @radosroka in #244
• Introduce runtime rules reloading feature by @radosroka in #243
• Unsupported backend is an error by @radosroka in #246

Full Changelog: v1.2...v1.3

fapolicyd-1.2

Major Changes:

• Extend state machine to skip opens after exec until dyn linker found
• Control filtering of unwanted files in rpm backend with config file
• Add support for logging rule number of decision in the audit event (requires the 6.4 kernel or later)

fapolicyd-1.1.7

This is a bug fix release. Re-add dropped FAN_MARK_MOUNT for monitoring events. The symptom was no events. Make some updates to allow running without an rpm back successful.

fapolicyd-1.1.6

This fixes a compile problem in the last release when using older gcc versions.

fapolicyd-1.1.5

This release adds a new check to fapolicyd-cli to allow detection of files in the PATH variable that are not in the trustdb. Also, a new configuration option for using FAN_MARK_FILESYSTEM if the kernel supports it. The default is off. This release also fixes a bug where trusted static apps can start programs with ld.so which is not detected by the ldso_pattern.

fapolicyd-1.1.4

This release switches SHA256 hashing to openssl, fixes a couple memory leaks on error paths, adds --check-status to fapolicyd-cli, exit if fapolicyd is already running, and adds bash completions for the daemon and cli utility.