copyfail-defense

Defense-in-depth toolkit for the Copy Fail bug class: three live LPE chains that share the same splice() → MSG_SPLICE_PAGES page-cache write primitive.

v2.0.1 stacks four defensive primitives into a single dnf install: an LD_PRELOAD shim (cf1 primary), a modprobe blacklist for the cf-class entry-point modules (cf1 + cf2 + Dirty Frag), kernel-enforced systemd drop-ins (RestrictAddressFamilies=~AF_ALG ~AF_RXRPC + RestrictNamespaces=~user ~net), and a read-only host posture auditor that reports per-class coverage in JSON for SIEM ingest.

v2.0.1 adds workload auto-detection. At install time, %posttrans inspects the host for IPsec, AFS, and rootless containers. Conflicting drop-ins are suppressed automatically; every other layer stays active. copyfail-redetect re-runs after fleet changes; /etc/copyfail/force-full bypasses detection. See §Auto-detection below for the full signal list, suppression matrix, and how to inspect the decision.

🔍 Full writeup: Copy Fail (CVE-2026-31431) on rfxn.com/research covers the cf1 kernel mechanics; cf2 and Dirty Frag extend the same splice() → in-place-crypto primitive to two more sinks.

Install

A single copyfail.repo file works for EL8/EL9/EL10: dnf expands $releasever + $basearch per host. RPMs are GPG-signed and the metadata itself is verified via detached repomd.xml.asc (gpgcheck=1 + repo_gpgcheck=1).

sudo curl -sSL https://rfxn.github.io/copyfail/copyfail.repo \
  -o /etc/yum.repos.d/copyfail.repo
sudo dnf install -y copyfail-defense
sudo /usr/sbin/copyfail-shim-enable

The meta pulls four subpackages:

Coverage matrix

Which rung blocks which bug class. ✓ = primary mitigation; · = not applicable; superscripts mark caveated coverage (notes below).

¹ Catches the cksum step in the public DF-RxRPC PoC, not the kernel sink itself; defense-in-depth, not a primary stop.
² No-op on RHEL stock kernels (CRYPTO_USER_API* is built-in, so the blacklist line cannot prevent load). Listed for completeness on custom or non-RHEL kernels where algif_aead ships modular.

Reference: kernel patches and audit signatures

The auditor probes page-cache integrity for /usr/bin/su and the PAM stacks every class targets, as a cached-IOC for an in-flight exploit. See --json posture.bug_classes[*].kernel_sink.

Operator-applied (auditor-recommended)

The auditor flags these via --emit-remediation; no subpackage applies them, since each can break legitimate workloads on a busy fleet. Review before pasting.

Auto-detection of conflicting workloads

v2.0.1+ inspects the host in %posttrans for workloads the default cuts would break, and suppresses the conflicting drop-in only while every other layer stays active. The intent is "do no harm to running production"; nothing else relaxes. The cf1 LD_PRELOAD shim and the auditor are never suppressed, so CVE-2026-31431 coverage is unchanged on every host.

Why each workload triggers a carve-out

Detection signals

False-positive guards baked into the detector: /etc/subuid populated by useradd is not a rootless signal — shadow-utils auto-populates subuid for every regular user regardless of container intent, which produced near-100% FPs on cPanel-shaped fleets in v2.0.1 rev 1. The rootful /var/lib/containers/storage signal is gated on mtime < 90d so a long-purged podman install doesn't keep triggering suppression. The /home walk is bounded (maxdepth 6, mtime -180) so a pathological tenant home tree can't stall %posttrans. The /run/user/<UID>/containers signal requires UID ≥ 1000 so system-account artifacts under /run/user/0 don't trip detection.

What stays protected after a suppression

Inspect the decision

%posttrans writes a versioned JSON report to /var/lib/copyfail-defense/auto-detect.json after every install/upgrade and after every copyfail-redetect run:

{
  "schema_version": "2",
  "tool_version": "2.0.1",
  "force_full": false,
  "detected": {
    "ipsec":               { "present": true,  "signals": ["systemctl: strongswan.service enabled"] },
    "afs":                 { "present": false, "signals": [] },
    "rootless_containers": { "present": true,  "signals": ["systemctl --user (alice): podman.socket enabled"] }
  },
  "suppressed": {
    "modprobe_cf2_xfrm":      true,
    "modprobe_rxrpc":         false,
    "systemd_rxrpc_af":       false,
    "systemd_userns_user_at": true
  },
  "applied": { "modprobe_cf1": true, "systemd_userns_sshd": true, "...": "..." }
}

Other inspection paths:

# Per-action log lines from %posttrans / copyfail-redetect
sudo journalctl -t copyfail-defense-detect --since today

# Auditor surface (SIEM-friendly)
sudo copyfail-local-check --json | jq '.posture.auto_detect'
# {"available": true, "suppressed_modprobe": ["cf2_xfrm"], "suppressed_systemd": ["userns_user_at"]}

Re-detect or force full coverage

# Re-run detection after enabling IPsec/AFS/rootless post-install
sudo /usr/sbin/copyfail-redetect
sudo systemctl daemon-reload
sudo systemctl try-reload-or-restart sshd.service

# Skip detection entirely - apply every drop-in unconditionally
sudo mkdir -p /etc/copyfail
sudo touch /etc/copyfail/force-full
sudo /usr/sbin/copyfail-redetect

The auditor reports force-full sentinel active when the sentinel is on. Remove the file and re-run copyfail-redetect to re-engage detection.

Verify

# cf1: AF_ALG socket creation should fail
python3 -c 'import socket; socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)'
# expect: PermissionError [Errno 1] Operation not permitted

# Holistic per-class coverage report
sudo copyfail-local-check
# tail-of-output:
#   Surface area / mitigation matrix:
#     Class                Sink reachable?  Mitigated?  Active layers
#     cf1 (CVE-2026-31431) YES              yes         ld_preload_shim, systemd_af_alg, modprobe_blacklist
#     cf2 (xfrm-ESP)       YES              yes         modprobe_blacklist, systemd_restrict_ns
#     Dirty Frag-ESP       YES              yes         modprobe_blacklist, systemd_restrict_ns
#     Dirty Frag-RxRPC     YES              yes         modprobe_blacklist, systemd_af_rxrpc

Override paths

The default install applies RestrictNamespaces=~user ~net to user@.service. This breaks rootless podman/buildah under user@.service. Override:

sudo install -d /etc/systemd/system/user@.service.d
sudo tee /etc/systemd/system/user@.service.d/20-override.conf >/dev/null <<'EOF'
[Service]
RestrictNamespaces=
RestrictAddressFamilies=
EOF
sudo systemctl daemon-reload

The 10- prefix on package drop-ins and 99- prefix on the modprobe drop are deliberate: any 20-*.conf or numerically-later operator file overrides ours.

If your fleet legitimately uses IPsec (strongSwan, libreswan, FRRouting), the modprobe blacklist breaks those workloads. Either skip the modprobe subpackage:

sudo dnf install copyfail-defense-shim copyfail-defense-systemd copyfail-defense-auditor
# (omit copyfail-defense and copyfail-defense-modprobe)

…or remove the relevant entries from /etc/modprobe.d/99-copyfail-defense.conf (the file is %config(noreplace), so your edit survives package upgrade). Same logic for AFS (openafs, kafs) and the rxrpc blacklist line.

Auditor JSON (v2.0 schema)

{
  "schema_version": "2.0",
  "covers": ["CVE-2026-31431", "cf2-xfrm-esp", "dirtyfrag-esp", "dirtyfrag-rxrpc"],
  "posture": {
    "verdict": "vulnerable_kernel_userspace_mitigated",
    "bug_classes_covered": ["cf1", "cf2", "dirtyfrag-esp"],
    "bug_classes": {
      "cf1":             { "applicable": true, "mitigated": true,  "kernel_sink": "...", "layers": {...} },
      "cf2":             { "applicable": true, "mitigated": true,  "kernel_sink": "...", "layers": {...} },
      "dirtyfrag-esp":   { "applicable": true, "mitigated": true,  "kernel_sink": "...", "layers": {...} },
      "dirtyfrag-rxrpc": { "applicable": true, "mitigated": false, "kernel_sink": "...", "layers": {...} }
    },
    "layers": { ... }
  }
}

bug_classes_covered is the SIEM-ergonomic single filter ("is this host hardened?"). The bug_classes map exposes per-layer breakdown for finer dashboards. Exit codes 0 clean, 2 VULN, 3 VULN-but-mitigated, 4 hardening recommendations only (unchanged from v1.0.x).

Direct downloads

Each release on github.com/rfxn/copyfail/releases ships per-EL binary RPMs, an SRPM, the .repo file, and the public signing key as release assets. The same files are published in the dnf tree below. v2.0.0 and v1.0.1 RPMs are retained alongside v2.0.1 to support clean dnf upgrade across the rename chain (afalg-defense → copyfail-defense).

The .repo file (works on EL8/EL9/EL10):

sudo curl -sSL https://rfxn.github.io/copyfail/copyfail.repo \
  -o /etc/yum.repos.d/copyfail.repo

And the public signing key (dnf imports this automatically on first install, but you can pre-import it):

sudo curl -sSL https://rfxn.github.io/copyfail/RPM-GPG-KEY-copyfail \
  | sudo rpm --import /dev/stdin

Per-EL binary RPMs are independently compiled against each distribution's glibc (EL8: 2.28 with split libdl; EL9/EL10: 2.34+ with merged libdl); do not cross-install across ELs.

EL8 (RHEL/Alma/Rocky/CentOS Stream 8)

EL9 (RHEL/Alma/Rocky/CentOS Stream 9)

EL10 (RHEL 10 / CentOS Stream 10 / AlmaLinux Kitten)

v1.0.1 RPMs (legacy afalg-defense family) are retained in the repo trees through the 2.0.x release line for clean dnf upgrade compatibility. Removed in v2.0.1.

Signing

v1.0.1 and later are signed by the Copyfail Project Signing Key:

fingerprint: 6001 1CDC EA2F F52D 975A  FDEE 6D30 F32C D5E8 0F80
uid:         Copyfail Project Signing Key <proj@rfxn.com>
key file:    /RPM-GPG-KEY-copyfail

The copyfail.repo sets both gpgcheck=1 (verifies each RPM) and repo_gpgcheck=1 (verifies repomd.xml via the detached repomd.xml.asc we publish alongside it). dnf imports the public key from gpgkey= on first use.

Verify out-of-band:

curl -sSL https://rfxn.github.io/copyfail/RPM-GPG-KEY-copyfail | gpg --import
gpg --fingerprint proj@rfxn.com
# expect: 6001 1CDC EA2F F52D 975A  FDEE 6D30 F32C D5E8 0F80
rpm --import https://rfxn.github.io/copyfail/RPM-GPG-KEY-copyfail
rpm -K /path/to/copyfail-defense-2.0.1-1.el9.x86_64.rpm
# expect: digests signatures OK

Defense in depth

Each rung defeats the bug by a different mechanism, so an attack that defeats one does not necessarily defeat the next.

Reporting issues

Bugs, packaging problems, false positives, missing distros: please file a GitHub issue. Include the auditor's --json output if the report is about detection, and the output of uname -a + cat /etc/os-release for any runtime question.