Allow postgreSQL selinux and gid to be 0

2024-01-31 15:52:40 -05:00 · 2024-01-31 15:52:40 -05:00 · cafc25a0b0
commit cafc25a0b0
parent 21e86afeef
3 changed files with 17 additions and 2 deletions
--- a/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@ -52,7 +52,7 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
 +
-+if [ "$(id -u)" -eq 0 ]; then
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
 +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
--- a/grafana.spec
+++ b/grafana.spec
@ -25,7 +25,7 @@ end}
 Name:             grafana
 Version:          9.2.10
-Release:          16%{?dist}
+Release:          17%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@ -1006,6 +1006,10 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
 * Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-17
 - Allows for postgreSQL datasource in selinux policy
 - grafana-cli wrapper script now allows for the gid to be 0
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.2.10-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--- a/grafana.te
+++ b/grafana.te
@ -27,6 +27,13 @@ gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
 ## </desc>
 gen_tunable(grafana_can_tcp_connect_mysql_port, false)
 ## <desc>
 ## <p>
 ## Allow grafana to connect to postgresql's default tcp port of 5432
 ## </p>
 ## </desc>
 gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
 ## <desc>
 ## <p>
 ## Allow grafana to connect to prometheus' default tcp port of 9090
@ -180,6 +187,10 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')
 tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
 	corenet_tcp_connect_postgresql_port(grafana_t)
 ')
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')