From 41cdce4e9e3bf2a86269955be4c34096821e206a Mon Sep 17 00:00:00 2001
From: Sam Feifer <sfeifer@redhat.com>
Date: Thu, 1 Feb 2024 09:53:16 -0500
Subject: [PATCH] Resolves: RHEL-23466 Resolves: RHEL-21027 Allow for
 PostgreSQL datasource Allow gid to be 0

---
 ...rafana-cli-script-with-distro-specific-paths.patch |  2 +-
 grafana.spec                                          |  8 +++++++-
 grafana.te                                            | 11 +++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/0001-update-grafana-cli-script-with-distro-specific-paths.patch b/0001-update-grafana-cli-script-with-distro-specific-paths.patch
index c6c3290..ae15f74 100644
--- a/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@@ -52,7 +52,7 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
 +
-+if [ "$(id -u)" -eq 0 ]; then
++if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
 +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
diff --git a/grafana.spec b/grafana.spec
index 68ac26a..9a842ad 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -35,7 +35,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          14%{?dist}
+Release:          15%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@@ -1019,6 +1019,12 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
+- Resolves RHEL-23466
+- Resolves RHEL-21027
+- Allows for gid to be 0
+- Allows for postgreSQL datasource in selinux policy
+
 * Mon Dec 18 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
 - Resolves RHEL-19596
 - Fixes coredump issue introduced by selinux
diff --git a/grafana.te b/grafana.te
index 6cbedb2..b7acfed 100644
--- a/grafana.te
+++ b/grafana.te
@@ -27,6 +27,13 @@ gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
 ## </desc>
 gen_tunable(grafana_can_tcp_connect_mysql_port, false)
 
+## <desc>
+## <p>
+## Allow grafana to connect to postgresql's default tcp port of 5432
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
+
 ## <desc>
 ## <p>
 ## Allow grafana to connect to prometheus' default tcp port of 9090
@@ -179,6 +186,10 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')
 
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')