From 4d5fa19192cb24597090bfb4a0c11a7c9a190a82 Mon Sep 17 00:00:00 2001
From: Sam Feifer <sfeifer@redhat.com>
Date: Tue, 21 Nov 2023 09:27:36 -0500
Subject: [PATCH] Fixes selinux denials found testing Resolves: RHEL-7505

---
 grafana.spec | 6 +++++-
 grafana.te   | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/grafana.spec b/grafana.spec
index ac625af..9b8d6e9 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -25,7 +25,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          10%{?dist}
+Release:          11%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@@ -1006,6 +1006,10 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
+- Resolves RHEL-7505
+- Fixes selinux denials found when testing on certain architectures
+
 * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10
 - Resolves RHEL-7505
 - Adds a selinux policy for grafana
diff --git a/grafana.te b/grafana.te
index 74f27d5..e81b0dd 100644
--- a/grafana.te
+++ b/grafana.te
@@ -87,6 +87,8 @@ allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
 
 allow grafana_t self:unix_stream_socket connectto;
 
+allow grafana_t self:netlink_route_socket create;
+
 optional_policy(`
 	require {
 		type smtp_port_t;