rpms/grafana
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixes postgresql AVC denial

Browse Source 
Related: RHEL-7505
This commit is contained in:
Sam Feifer 2023-12-19 10:44:09 -05:00
parent 567c170a6d
commit 1159ac80de
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
grafana.spec
View File

@ -25,7 +25,7 @@ end}
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 13%{?dist} Release: 14%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -1008,6 +1008,10 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Fixes postgresql AVC denial
- Related RHEL-7505
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13 * Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
- Resolves RHEL-19296 - Resolves RHEL-19296
- Fixes coredump issue introduced by selinux - Fixes coredump issue introduced by selinux

11
grafana.te
View File

@ -105,6 +105,17 @@ optional_policy(`
allow grafana_t usr_t:file { execute execute_no_trans }; allow grafana_t usr_t:file { execute execute_no_trans };
') ')
optional_policy(`
require {
type postgresql_t;
type postgresql_var_run_t;
class unix_stream_socket { connectto };
class sock_file { write };
}
allow grafana_t postgresql_t:unix_stream_socket connectto;
allow grafana_t postgresql_var_run_t:sock_file write;
')
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)