Adding Files to the Trust File Database

You can add any files that aren't installed by using DNF to the file database manually.

To add a file to the trust file database, run:

sudo fapolicyd-cli --file add <path_to_file> --trust-file trust_entry

If the file isn't already in a trust database, the command adds the file to the trust file configuration by creating an entry at /etc/fapolicyd/trust.d/<trust_entry>.

For example, to add /home/user/demo.bin to /etc/fapolicyd/trust.d/demo, run:

sudo fapolicyd-cli --file add /home/user/demo.bin --trust-file demo

Tip:

You can use command line tools such as find to add several entries to the trust file database at the same time. For example:

find /home/user/bin/ -type f -exec fapolicyd-cli --file add {} --trust-file trusted_user_bin \;

All entries in the trust file database are stored as plain text files in /etc/fapolicyd/trust.d/ and can be edited with a text editor, if required. If you need to update file sizes or hash values, see Updating the Trust File Database.

Tip:

To remove a file from the trust file database, either edit the text file directly to remove the entry, or run:

sudo fapolicyd-cli --file delete <path_to_file>

Important:

After you make any changes to the trust file database you must refresh the trust database before fapolicyd registers those changes. See Refreshing the Trust Database.