Infinite loop for new mount after deleting mount
If there are no mounted watch types initially, then a second mount point to watch is detected, after the first mount point is deleted, the daemon will enter an infinite loop. To re-create, from a fresh install:
- Stop fapolicyd: # systemctl stop fapolicyd
- Edit /etc/fapolicyd/fapolicyd.conf and set watch_fs to only ramfs: watch_fs = ramfs
- Run fapolicyd in debug to view the loop: # /usr/sbin/fapolicyd --debug
- Mount a ramfs:
  ```
  # mkdir /tmp/test
  # mount -t ramfs /dev/ram0 /tmp/test
  ```
- Unmount the ramfs: # umount /tmp/test
- Re-mount the ramfs: # mount -t ramfs /dev/ram0 /tmp/test
- View the output of fapolicyd to see the infinite loop:
  ```
  . . .
  Trust database checks OK
  Starting to listen for events
  Mount change detected
  Added /test mount point
  Mount change detected
  Deleted /test mount point
  Mount change detected
  Added /test mount point
  Added /test mount point
  Added /test mount point
  Added /test mount point
  Added /test mount point
  . . .
  ```
The attached patch will resolve the problem. fapolicyd-1.3.1-issue-253.patch.txt
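A regression check for the loop signature in the debug output above, added here as an example and not part of the original report or the fapolicyd project. It assumes the `Mount change detected` / `Added <path> mount point` message format shown in the report and that a single mount-change event should add a given path at most once; the function name and sample data are constructed for illustration.

```python
import re
import sys

# Message formats taken from the debug output quoted in the report.
CHANGE = "Mount change detected"
ADDED = re.compile(r"Added (\S+) mount point")


def find_mount_loops(lines, threshold=2):
    """Return {path: count} for every mount point logged as added at least
    `threshold` times after one 'Mount change detected' event (assumption:
    a healthy daemon adds each path at most once per event)."""
    loops = {}
    per_event = {}
    for line in lines:
        if CHANGE in line:
            per_event = {}  # new event: reset the per-event tally
            continue
        match = ADDED.search(line)
        if match:
            path = match.group(1)
            per_event[path] = per_event.get(path, 0) + 1
            if per_event[path] >= threshold:
                loops[path] = max(loops.get(path, 0), per_event[path])
    return loops


# Constructed sample: the output from the report, truncated to five repeats.
SAMPLE_LOOPING = """Trust database checks OK
Starting to listen for events
Mount change detected
Added /test mount point
Mount change detected
Deleted /test mount point
Mount change detected
Added /test mount point
Added /test mount point
Added /test mount point
Added /test mount point
Added /test mount point
""".splitlines()

# Constructed sample: the same sequence with a single add after the re-mount.
SAMPLE_HEALTHY = SAMPLE_LOOPING[:8]

if __name__ == "__main__":
    # Usage: feed a captured (bounded) debug log on stdin; exit 1 on a loop.
    found = find_mount_loops(sys.stdin)
    for path, count in found.items():
        print(f"{path}: added {count} times after one mount change")
    sys.exit(1 if found else 0)
```

Run it against a bounded capture of the `--debug` output rather than a live pipe, since a looping daemon never closes its output.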
I failed to reproduce the issue. Are the steps complete? Wasn't the fapolicyd-cli --update involved as well?
If it makes a difference I'm running fapolicyd 1.3.1 on RHEL 8, but I haven't seen any changes between 1.3.1 and 1.3.2 that would resolve the problems I'm seeing. The rules/trustdb do not come into play, so I'm not sure why fapolicyd-cli --update would be necessary.
I was trying it on rhel9. I'll try rhel8 as well.
Output from the terminals I used to recreate: issue-253-term1.txt issue-253-term2.txt
Also . . . the problem only manifests when there are no mount points to watch when fapolicyd starts.
Hello, I just pushed commit d9029f8 which should take care of the problem. It fixes the code where it sits rather than making a new function. Please give it a try and let me know if it fixes your problem.
I think this issue has been solved for a while. Feel free to re-open if there are new observations.