From 163868e0c60d6c2e69043e67f0b0cb6d074813ac Mon Sep 17 00:00:00 2001
From: Sam Feifer <sfeifer@redhat.com>
Date: Thu, 30 Nov 2023 10:46:11 -0500
Subject: [PATCH] Fixes additional selinux denials found testing Resolves:
 RHEL-7505

---
 grafana.spec | 6 +++++-
 grafana.te   | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/grafana.spec b/grafana.spec
index 9b8d6e9..e72bbc7 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -25,7 +25,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          11%{?dist}
+Release:          12%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@@ -1006,6 +1006,10 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
+- Resolves RHEL-7505
+- Fixes additional selinux denials found when testing on certain architectures
+
 * Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
 - Resolves RHEL-7505
 - Fixes selinux denials found when testing on certain architectures
diff --git a/grafana.te b/grafana.te
index e81b0dd..e69228a 100644
--- a/grafana.te
+++ b/grafana.te
@@ -87,7 +87,7 @@ allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
 
 allow grafana_t self:unix_stream_socket connectto;
 
-allow grafana_t self:netlink_route_socket create;
+allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
 
 optional_policy(`
 	require {