Open SkewedZeppelin opened 4 months ago
@radosroka Is the dnf plugin still shipped in Fedora? Or do you think rpm is doing this? If it is rpm, maybe we need to see how it retriggers a load.
rpm-plugin-fapolicyd is present on the list.
@SkewedZeppelin can you provide fapolicyd logs when running in debug mode?
@SkewedZeppelin would you check whether https://github.com/linux-application-whitelisting/fapolicyd/pull/297 fix your issue?
@radosroka I actually haven't hit this yet since updating to F40, but I think it is still a chance thing. I've compiled and installed it, will run with it a few days and see if I hit it again or not. Thank you.
Closing, haven't encountered this at all under F40. Thank you.
Just hit this for this first time on f40 with fapolicyd-1.3.3-4.fc40 So it still happens just far less common
@SkewedZeppelin thank you for the update. I will continue with investigation.
I've been experiencing this more frequently.
Can there be an sanity check added to not make the reload effective if its entry count is substantially smaller ie. likely broken? or maybe a failsafe that exempts some basics like sync and shutdown binaries so that a somewhat clean shutdown can be performed instead of a hard power off
I've been using fapolicyd for a few months now under Fedora 39.
I've encountered an issue that happens probably 1 in every 3 or 4 times when running eg. dnf update or dnf install. fapolicyd will reload after dnf completes, but something happens and all future executions are entirely denied locking up the system
I think it might actually be a race condition where sometimes after dnf runs, dnf makecache is immediately automatically invoked. So fapolicyd is already in the middle of reloading and tries to reload again or maybe makecache takes a lock on the rpm database and prevents reading?
It seems more likely to occur on my faster desktop than it does on my slower laptop as well.
edit: package versions