rpms/grafana
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix AVC denials found when testing

Browse Source
This commit is contained in:
Sam Feifer 2023-11-15 11:48:55 -05:00
parent 2952ea608f
commit 756e76aa17
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
grafana.spec
View File

@ -25,7 +25,7 @@ end}
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 8%{?dist} Release: 9%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -1004,6 +1004,9 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Thu Nov 9 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-9
- Fix AVC denials found when testing
* Thu Nov 9 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-8 * Thu Nov 9 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-8
- Hide relabeling messages from selinux when installing/uninstalling - Hide relabeling messages from selinux when installing/uninstalling

16
grafana.te
View File

@ -87,6 +87,22 @@ allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
allow grafana_t self:unix_stream_socket connectto; allow grafana_t self:unix_stream_socket connectto;
optional_policy(`
require {
type smtp_port_t;
class tcp_socket { name_connect };
}
allow grafana_t smtp_port_t:tcp_socket name_connect;
')
optional_policy(`
require {
type usr_t;
class file { execute };
}
allow grafana_t usr_t:file execute;
')
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)