Fix postgresql AVC denials
parent
51103637cb
commit
0a301faf67
@ -25,7 +25,7 @@ end}
|
||||
|
||||
Name: grafana
|
||||
Version: 9.2.10
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
Summary: Metrics dashboard and graph editor
|
||||
License: AGPL-3.0-only
|
||||
URL: https://grafana.org
|
||||
@ -1006,6 +1006,9 @@ fi
|
||||
%{_datadir}/selinux/*/grafana.pp
|
||||
|
||||
%changelog
|
||||
* Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
|
||||
- Fixes postgresql AVC denials
|
||||
|
||||
* Fri Dec 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
|
||||
- Fixes coredump issue introduced by selinux
|
||||
- Patches out call to panic when trying to walk "/" directory
|
||||
|
11
grafana.te
11
grafana.te
@ -106,6 +106,17 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
||||
optional_policy(`
|
||||
require {
|
||||
type postgresql_t;
|
||||
type postgresql_var_run_t;
|
||||
class unix_stream_socket { connectto };
|
||||
class sock_file { write };
|
||||
}
|
||||
allow grafana_t postgresql_t:unix_stream_socket connectto;
|
||||
allow grafana_t postgresql_var_run_t:sock_file write;
|
||||
')
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
|
||||
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
|
||||
|
||||
|
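Review bot: The new `optional_policy` block in grafana.te names `postgresql_t` and `postgresql_var_run_t` directly in a `require` and grants raw `allow` rules, which couples this module to the postgresql module's private types. The reference-policy interface call `postgresql_stream_connect(grafana_t)` expresses the same intent and survives changes to those types. That interface is somewhat broader than the two rules here (it also grants the directory search needed to reach the socket and, as far as I know, covers the tmp socket type), so if the narrow grant is deliberate, keep it and say so in a comment. Either way the block needs a comment such as `# Grafana PostgreSQL data source over the local UNIX socket; see AVC denials in <bug reference>`, because the grant is unconditional whenever the postgresql module is loaded and the policy does not show why grafana_t may reach the database socket.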