From 51103637cb8ed53f3c4a43f85febb76bc1eea7b3 Mon Sep 17 00:00:00 2001 From: Sam Feifer Date: Fri, 15 Dec 2023 11:55:48 -0500 Subject: [PATCH] Fix coredump caused by selinux denial --- 0012-coredump-selinux-error.patch | 13 +++++++++++++ grafana.spec | 8 +++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 0012-coredump-selinux-error.patch diff --git a/0012-coredump-selinux-error.patch b/0012-coredump-selinux-error.patch new file mode 100644 index 0000000..5bdcc5b --- /dev/null +++ b/0012-coredump-selinux-error.patch @@ -0,0 +1,13 @@ +diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go +index 20d111edba..6655f81cee 100644 +--- a/pkg/framework/coremodel/helpers.go ++++ b/pkg/framework/coremodel/helpers.go +@@ -26,7 +26,7 @@ func init() { + var err error + defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext()) + if err != nil { +- panic(err) ++// panic(err) + } + } + diff --git a/grafana.spec b/grafana.spec index 7f1e8b9..ccc617d 100644 --- a/grafana.spec +++ b/grafana.spec @@ -25,7 +25,7 @@ end} Name: grafana Version: 9.2.10 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Metrics dashboard and graph editor License: AGPL-3.0-only URL: https://grafana.org @@ -78,6 +78,7 @@ Patch9: 0009-redact-weak-ciphers.patch # https://github.com/grafana/grafana/commit/bae86dbeb0ad68a205454e98e76985dc393183d4 Patch10: 0010-skip-tests.patch Patch11: 0011-remove-email-lookup.patch +Patch12: 0012-coredump-selinux-error.patch # Patches affecting the vendor tarball Patch1001: 1001-vendor-patch-removed-backend-crypto.patch @@ -762,6 +763,7 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux %patch -P 9 -p1 %patch -P 10 -p1 %patch -P 11 -p1 +%patch -P 12 -p1 %patch -P 1001 -p1 %if %{enable_fips_mode} @@ -1004,6 +1006,10 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog +* Fri Dec 15 2023 Sam Feifer 9.2.10-13 +- Fixes coredump issue introduced by selinux +- Patches out call to panic when trying to walk "/" directory + * Thu Nov 30 2023 Sam Feifer - 9.2.10-12 - Fix another set of AVC denials found testing only on some architectures