Chapter 1. Introduction to fapolicyd

PDF

The fapolicyd software framework controls the execution of applications based on a user-defined policy. This is one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. For more information, refer to Blocking and allowing applications by using fapolicyd in the Security hardening guide for RHEL 9.

Note

The procedures described below put all detected SAP HANA executables into fapolicyd trust files, which contain all names, sizes, and checksums of trusted files. SAP HANA binaries and shell scripts can only be executed if they are contained in the fapolicyd trust files. So, if you execute SAP HANA binaries or shell scripts that are not contained in the fapolicyd trust files, undesirable effects, including corruption or loss of data, could happen. You must carefully test all the steps and do proper verification on a non-production system first.

Github

Youtube

Twitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.