Fix postgresql AVC denials

Sam Feifer 2023-12-18 10:42:57 -05:00
parent 51103637cb
commit 0a301faf67
2 changed files with 15 additions and 1 deletions


@ -25,7 +25,7 @@ end}
Name: grafana
Version: 9.2.10
Release: 13%{?dist}
Release: 14%{?dist}
Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only
URL: https://grafana.org
@ -1006,6 +1006,9 @@ fi
%{_datadir}/selinux/*/grafana.pp
%changelog
* Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Fixes postgresql AVC denials
* Fri Dec 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
- Fixes coredump issue introduced by selinux
- Patches out call to panic when trying to walk "/" directory


@ -106,6 +106,17 @@ optional_policy(`
')
optional_policy(`
require {
type postgresql_t;
type postgresql_var_run_t;
class unix_stream_socket { connectto };
class sock_file { write };
}
allow grafana_t postgresql_t:unix_stream_socket connectto;
allow grafana_t postgresql_var_run_t:sock_file write;
')
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
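Review bot: The added `optional_policy` block reaches into the postgresql module with a raw `require` of `postgresql_t` and `postgresql_var_run_t` and two hand-written `allow` rules, where the module's own interface would normally be called instead: `postgresql_stream_connect(grafana_t)`. The interface keeps this policy independent of the postgresql module's private type names. It also grants search on the socket directory, which the two rules here do not, so a further AVC denial on that directory is possible unless a rule outside this hunk already allows it. If the raw rules are kept on purpose because they are narrower than the interface, a comment above the block such as `# PostgreSQL data source: connect to the local server over its UNIX socket` would record why grafana_t needs the access. The surrounding policy continues outside the hunk, so existing grants could not be checked from here.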