From 9a0313096599fc9783b1bac25b4e698400f0e1a5 Mon Sep 17 00:00:00 2001
From: Sam Feifer
Date: Thu, 30 Nov 2023 09:48:06 -0500
Subject: [PATCH] Fix AVC denials found only on certain architectures
---
 grafana.spec | 5 ++++-
 grafana.te | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/grafana.spec b/grafana.spec
index 2376db3..7f1e8b9 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -25,7 +25,7 @@ end}
 Name: grafana
 Version: 9.2.10
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: Metrics dashboard and graph editor
 License: AGPL-3.0-only
 URL: https://grafana.org
@@ -1004,6 +1004,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
+* Thu Nov 30 2023 Sam Feifer - 9.2.10-12
+- Fix another set of AVC denials found testing only on some architectures
+
 * Mon Nov 20 2023 Sam Feifer - 9.2.10-11
 - Fix additional AVC denial found when testing on certain architectures
diff --git a/grafana.te b/grafana.te
index 9078bf3..1d7c206 100644
--- a/grafana.te
+++ b/grafana.te
@@ -87,7 +87,7 @@ allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
 allow grafana_t self:unix_stream_socket connectto;
-allow grafana_t self:netlink_route_socket create;
+allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
 optional_policy(`
 require {
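Review bot: The widened `netlink_route_socket` rule in grafana.te has no comment recording which operation needs `bind`, `getattr` and `nlmsg_read` or on which architectures the denials were seen, and the changelog shows the set is being grown one denial at a time. A line above the rule such as `# rtnetlink query, read-only (no nlmsg_write); AVCs seen on <arch>, see <bug id>` would let a later reviewer tell a deliberate minimum from an incomplete list. In enforcing mode a denied call fails and later operations on the socket are often never attempted, so `read` and `write` on the same class may be the next denials if the process sends a request and reads the reply here and nothing outside the hunk grants them; collecting the denials in permissive mode, or using the refpolicy set `r_netlink_socket_perms`, would settle the rule in one pass. The `optional_policy` block that follows continues past the end of the hunk.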