Closed tparchambault closed 1 year ago
@tparchambault It doesn't look like fapolicyd is running in your screenshot, so likely after you upgraded, the fapolicyd database was not updated with the new rpmdb contents. Our hashes from disk are accurate, but no longer match with fapolicyd trust, so they show red.
This is not our responsibility, but @egbicker has a PR #675 that allows us to force a refresh on fapolicyd. This behavior is an example of what that PR would resolve.
To resolve you can either start fapolicyd, or use fapolicyd-cli to signal a trust refresh.
Good to know. Let me fire up fapolicyd
...
After starting fapolicyd and restarting fapolicyd-analyzer, only about two handfuls of discrepancies in the System Trust view.
All good. Thx @jw3 !
Observed an interesting phenomenon wrt fapolicy-analyzer displaying only ~1/3 of the ~39K files in the System Trust database as Trusted after upgrading an FC36 system to an FC38 via the official standard runtime upgrade path i.e. the user gets prompted about an FC38 upgrade being available and clicking through the acceptance/downloading/reboot sequence. My guess is that, this is not an fapolicy-analyzer issue but I believe we do recalculate file hashes and that calculation may not align with that of the rpmdb or whatever fapolicyd is/was using. I think it's a non-issue but in the event someone else reports a similar symptom, we will have at least observed it previously.
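The reply earlier in this thread attributes the red entries to on-disk hashes that no longer match fapolicyd's trust data. The script below is an added example, not part of the thread or of fapolicy-analyzer, that performs that comparison outside the GUI. It assumes trust entries in the `<source> <path> <size> <sha256>` line format printed by `fapolicyd-cli --dump-db`; `trust_mismatches` and `demo` are hypothetical names.

```shell
#!/bin/sh
# Added example, not fapolicy-analyzer code.
# Assumed input: one trust entry per line, "<source> <path> <size> <sha256>",
# the format assumed here for `fapolicyd-cli --dump-db` output.

# trust_mismatches DUMP_FILE [ROOT]
# Prints "MISSING <path>" or "MISMATCH <path>" for every entry whose file
# under ROOT (default: /) differs from the recorded size or SHA-256.
trust_mismatches() {
    dump=$1
    root=${2:-}
    while read -r src rest; do
        [ -n "$rest" ] || continue
        # Hash and size are the last two fields, so paths may contain spaces.
        want_hash=${rest##* }; rest=${rest% *}
        want_size=${rest##* }; path=${rest% *}
        file=$root$path
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
            continue
        fi
        have_size=$(wc -c < "$file" | tr -d ' ')
        have_hash=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$have_size" != "$want_size" ] || [ "$have_hash" != "$want_hash" ]; then
            echo "MISMATCH $path"
        fi
    done < "$dump"
}

# Constructed sample: a stale trust dump next to a file tree that has since
# been upgraded (one file replaced, one unchanged, one removed).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/usr/bin"
    printf 'new build\n' > "$tmp/root/usr/bin/tool"
    printf 'unchanged\n' > "$tmp/root/usr/bin/same"
    same_hash=$(sha256sum "$tmp/root/usr/bin/same" | cut -d' ' -f1)
    old_hash=$(printf 'old build\n' | sha256sum | cut -d' ' -f1)
    {
        echo "rpmdb /usr/bin/tool 10 $old_hash"
        echo "rpmdb /usr/bin/same 10 $same_hash"
        echo "rpmdb /usr/bin/gone 5 $old_hash"
    } > "$tmp/trust.dump"
    trust_mismatches "$tmp/trust.dump" "$tmp/root"
    rm -rf "$tmp"
}

if [ $# -eq 0 ]; then demo; else trust_mismatches "$@"; fi
```

A large number of `MISMATCH` lines right after a distribution upgrade points to a stale trust database rather than tampered files, which is the situation described in this thread.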