Resolves: RHEL-23466

Resolves: RHEL-21027 Allow for PostgreSQL datasource Allow gid to be 0
2024-02-01 09:53:16 -05:00 · 2024-02-01 09:53:16 -05:00 · 41cdce4e9e
commit 41cdce4e9e
parent ceeb8ba298
3 changed files with 19 additions and 2 deletions
--- a/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@ -52,7 +52,7 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
 +
-+if [ "$(id -u)" -eq 0 ]; then
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
 +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
--- a/grafana.spec
+++ b/grafana.spec
@ -35,7 +35,7 @@ end}

 Name:             grafana
 Version:          9.2.10
-Release:          14%{?dist}
+Release:          15%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@ -1019,6 +1019,12 @@ fi
 %{_datadir}/selinux/*/grafana.pp

 %changelog
+* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
+- Resolves RHEL-23466
+- Resolves RHEL-21027
+- Allows for gid to be 0
+- Allows for postgreSQL datasource in selinux policy
+
 * Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
 - Resolves RHEL-19596
 - Fixes coredump issue introduced by selinux
--- a/grafana.te
+++ b/grafana.te
@ -27,6 +27,13 @@ gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
 ## </desc>
 gen_tunable(grafana_can_tcp_connect_mysql_port, false)

+## <desc>
+## <p>
+## Allow grafana to connect to postgresql's default tcp port of 5432
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
+
 ## <desc>
 ## <p>
 ## Allow grafana to connect to prometheus' default tcp port of 9090
@ -179,6 +186,10 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')

+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')