From 5317cd12de817d292efeeba5a5217224051e6ab4 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 11 Mar 2025 07:21:59 +0000
Subject: [PATCH] Import from CS git
---
 SOURCES/grafana.te | 16 ++++++++++++----
 SPECS/grafana.spec | 5 ++++-
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/SOURCES/grafana.te b/SOURCES/grafana.te
index c4d6a50..8e1b117 100644
--- a/SOURCES/grafana.te
+++ b/SOURCES/grafana.te
@@ -126,6 +126,14 @@ optional_policy(`
 allow grafana_t postgresql_var_run_t:sock_file write;
 ')
 
+optional_policy(`
+ require {
+ type autofs_t;
+ class dir {getattr};
+ }
+ allow grafana_t autofs_t:dir getattr;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 
@@ -189,14 +197,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 corenet_tcp_connect_mysqld_port(grafana_t)
 ')
 
-tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
- corenet_tcp_connect_postgresql_port(grafana_t)
-')
-
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 corenet_tcp_connect_websm_port(grafana_t)
 ')
 
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+ corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
 systemd_private_tmp(grafana_tmp_t)
 ')
diff --git a/SPECS/grafana.spec b/SPECS/grafana.spec
index 3c292b5..88ae423 100644
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
@@ -35,7 +35,7 @@ end}
 
 Name: grafana
 Version: 9.2.10
-Release: 21%{?dist}
+Release: 22%{?dist}
 Summary: Metrics dashboard and graph editor
 License: AGPLv3
 URL: https://grafana.org
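Review bot: The new `optional_policy` block in the first SOURCES/grafana.te hunk (`@@ -126,6 +126,14 @@`) grants `grafana_t` getattr on `autofs_t` directories without any comment recording why, so a later policy audit cannot tell whether the permission is still required. The spec changelog ties it to RHEL-75921; I would carry that into the policy itself, for example `# RHEL-75921: getattr only on autofs_t dirs (no search/read added here)`. The rule is unconditional apart from `autofs_t` being defined, whereas the database and Prometheus connections shown in the second hunk sit behind `tunable_policy` booleans; that looks acceptable for a getattr-only grant, but the comment should say it was a deliberate choice. As a style point, a single permission in the `require` block is more usually written `class dir getattr;` than `class dir {getattr};`.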
@@ -1021,6 +1021,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Wed Feb 5 2025 Sam Feifer 9.2.10-22
+- Resolves RHEL-75921: grafana selinux issue with autofs_t
+
 * Wed Jan 15 2025 Sam Feifer 9.2.10-21
 - Resolves RHEL-72881: CVE-2025-21614
 - Resolves RHEL-72869: CVE-2025-21613