Open
Description
fapolicyd version: 1.3.4
Problem: a rule that contains the domain group does not work.
```
fapolicyd-cli --list
-> %languages=application/zip,application/x-bytecode.ocaml,application/x-bytecode.python,application/java-archive,text/x-java,application/x-java-applet,application/javascript,text/javascript,text/x-awk,text/x-gawk,text/x-lisp,application/x-elc,text/x-lua,text/x-m4,text/x-nftables,text/x-perl,text/x-php,text/x-python,text/x-R,text/x-ruby,text/x-script.guile,text/x-tcl,text/x-luatex,text/x-systemtap
1. allow perm=any uid=0 : dir=/var/tmp/
2. allow perm=any uid=0 trust=1 : all
3. allow perm=open exe=/usr/bin/rpm : all
4. allow perm=open exe=/usr/bin/python3.11 comm=dnf : all
5. deny_syslog perm=any pattern=ld_so : all
6. deny_syslog perm=any all : ftype=application/x-bad-elf
7. allow perm=open all : ftype=application/x-sharedlib trust=1
8. deny_syslog perm=open all : ftype=application/x-sharedlib
9. allow perm=execute all : trust=1
10. allow perm=open all : ftype=%languages trust=1
11. deny_syslog perm=any all : ftype=%languages
12. allow perm=any all : ftype=text/x-shellscript
13. allow perm=execute all : trust=1
14. allow perm=execute gid=0 : all
15. deny_syslog perm=execute gid=106248123 : dir=/home/
16. allow perm=open all : all
```
106248123 is the domain group.
test_pda2 is a member of domain group 106248123:
```
$ whoami
test_pda2
$ id -G
100 106248123 671000513 671098459 671149198
$ mkdir ~/bin
$ cp /usr/bin/ls ~/bin/ls
$ ~/bin/ls
bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
```
Rule 15, `deny_syslog perm=execute gid=106248123 : dir=/home/`, does not work.
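As an added illustration (not fapolicyd's own code, and not a claim about how fapolicyd 1.3.4 actually compares `gid=`), here is a small first-match evaluator over a subset of the rules listed above. It shows that the result for test_pda2 executing the copied `~/bin/ls` hinges on whether `gid=` is compared only with the process's primary gid (100) or with every group the user belongs to: in the first case no rule in the list matches an untrusted execute request at all, so the daemon's default decision applies; in the second, rule 15 fires. The uid value and the `groups` list are constructed from the report, not taken from a real system.

```python
# Subset of the reporter's rule list with the original numbers kept. Rules 1-8 and
# 10-12 need uid=0, perm=open or a specific ftype, so they cannot match this request.
RULES = [
    (9, "allow perm=execute all : trust=1"),
    (13, "allow perm=execute all : trust=1"),
    (14, "allow perm=execute gid=0 : all"),
    (15, "deny_syslog perm=execute gid=106248123 : dir=/home/"),
    (16, "allow perm=open all : all"),
]

def parse_rule(text):
    """'decision subject-attrs : object-attrs' -> (decision, {attr: value}). 'all' adds
    no constraint; both sides are merged, which is safe since no attribute appears on both."""
    head, obj = text.split(":", 1)
    decision, *subj = head.split()
    return decision, dict(t.split("=", 1) for t in subj + obj.split() if t != "all")

def matches(attrs, subject, obj, gid_mode):
    """True when every attribute of a rule holds for this request.
    gid_mode 'primary': gid= is compared with the process gid only.
    gid_mode 'any': gid= matches any group the subject belongs to.
    Attributes not modelled here (exe, comm, pattern, ftype) never match."""
    gids = [subject["gid"]] if gid_mode == "primary" else subject["groups"]
    checks = {
        "perm": lambda v: v in ("any", subject["perm"]),
        "uid": lambda v: int(v) == subject["uid"],
        "gid": lambda v: int(v) in gids,
        "dir": lambda v: obj["path"].startswith(v),
        "trust": lambda v: int(v) == obj["trust"],
    }
    return all(k in checks and checks[k](v) for k, v in attrs.items())

def evaluate(subject, obj, gid_mode, rules=RULES):
    """First-match evaluation: (rule number, decision), or None if no rule matched."""
    for number, text in rules:
        decision, attrs = parse_rule(text)
        if matches(attrs, subject, obj, gid_mode):
            return number, decision
    return None

# Constructed request mirroring the report: primary gid 100 and the domain group
# 106248123 among the supplementary groups (uid is a placeholder); the copied ls
# lives under /home and is not in the trust database.
TEST_PDA2 = {"uid": 1001, "gid": 100, "groups": [100, 106248123, 671000513], "perm": "execute"}
COPIED_LS = {"path": "/home/test_pda2/bin/ls", "trust": 0}

if __name__ == "__main__":
    for mode in ("primary", "any"):
        print(mode, evaluate(TEST_PDA2, COPIED_LS, mode))
```

With `primary` the function returns `None` (no rule matched), with `any` it returns `(15, 'deny_syslog')`.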