rpms/grafana
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from AlmaLinux beta

Browse Source
This commit is contained in:
eabdullin 2024-04-30 23:05:11 +03:00
parent e1299f47a9
commit dd9dfb6010
6 changed files with 500 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
View File

@ -52,7 +52,7 @@ index dafa075a2c..eda358c425 100755
+ cfg:default.paths.logs=${LOG_DIR} \ + cfg:default.paths.logs=${LOG_DIR} \
+ cfg:default.paths.plugins=${PLUGINS_DIR}") + cfg:default.paths.plugins=${PLUGINS_DIR}")
+ +
+if [ "$(id -u)" -eq 0 ]; then +if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
+ cd "${GRAFANA_HOME}" + cd "${GRAFANA_HOME}"
+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@" + exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
+elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then

13
SOURCES/0012-coredump-selinux-error.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go
index 20d111edba..6655f81cee 100644
--- a/pkg/framework/coremodel/helpers.go
+++ b/pkg/framework/coremodel/helpers.go
@@ -26,7 +26,7 @@ func init() {
var err error
defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext())
if err != nil {
- panic(err)
+// panic(err)
}
}

24
SOURCES/grafana.fc Normal file
View File

@ -0,0 +1,24 @@
/etc/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0)
/usr/lib/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0)
/etc/grafana(/.*)? gen_context(system_u:object_r:grafana_conf_t,s0)
/usr/sbin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0)
/usr/sbin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0)
/var/lib/grafana(/.*)? gen_context(system_u:object_r:grafana_var_lib_t,s0)
#/var/lib/grafana/grafana.db -- gen_context(system_u:object_r:grafana_db_t,s0)
/var/log/grafana(/.*)? gen_context(system_u:object_r:grafana_log_t,s0)
/var/run/grafana(/.*)? -- gen_context(system_u:object_r:grafana_var_run_t,s0)
#/var/lib/grafana/plugins(/.*)? gen_context(system_u:object_r:grafana_plugin_t,s0)
/usr/share/grafana/bin/grafana -- gen_context(system_u:object_r:grafana_exec_t,s0)
/usr/share/grafana/bin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0)
/usr/share/grafana/bin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0)
#define context for pcp plugin
#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)

141
SOURCES/grafana.if Normal file
View File

@ -0,0 +1,141 @@
## <summary>policy for grafana</summary>
########################################
## <summary>
## Execute grafana_exec_t in the grafana domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`grafana_domtrans',`
gen_require(`
type grafana_t, grafana_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, grafana_exec_t, grafana_t)
')
########################################
## <summary>
## Allow domain to name_connect to grafana port. Default :3000
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`connect_grafana_port',`
gen_require(`
class tcp_socket name_connect;
type grafana_port_t;
')
allow $1 grafana_port_t:tcp_socket name_connect;
')
#######################################
## <summary>
## Read grafana database.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`grafana_read_db',`
gen_require(`
type grafana_db_t;
')
files_search_var_lib($1)
search_dirs_pattern($1, grafana_var_lib_t, grafana_var_lib_t)
read_files_pattern($1, grafana_db_t, grafana_db_t)
')
######################################
## <summary>
## Execute grafana in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`grafana_exec',`
gen_require(`
type grafana_exec_t;
')
corecmd_search_bin($1)
can_exec($1, grafana_exec_t)
')
########################################
## <summary>
## Execute grafana server in the grafana domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`grafana_systemctl',`
gen_require(`
type grafana_t;
type grafana_unit_file_t;
')
systemd_exec_systemctl($1)
systemd_read_fifo_file_passwd_run($1)
allow $1 grafana_unit_file_t:file read_file_perms;
allow $1 grafana_unit_file_t:service manage_service_perms;
ps_process_pattern($1, grafana_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an grafana environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`grafana_admin',`
gen_require(`
type grafana_t;
type grafana_unit_file_t;
')
allow $1 grafana_t:process { signal_perms };
ps_process_pattern($1, grafana_t)
tunable_policy(`deny_ptrace',`',`
allow $1 grafana_t:process ptrace;
')
grafana_systemctl($1)
admin_pattern($1, grafana_unit_file_t)
allow $1 grafana_unit_file_t:service all_service_perms;
optional_policy(`
systemd_passwd_agent_exec($1)
systemd_read_fifo_file_passwd_run($1)
')
')

199
SOURCES/grafana.te Normal file
View File

@ -0,0 +1,199 @@
policy_module(grafana, 1.0.4)
########################################
#
# Declarations
#
#permissive grafana_t;
## <desc>
## <p>
## Allow grafana to be used with a reverse proxy
## </p>
## </desc>
gen_tunable(grafana_can_reverse_proxy, false)
## <desc>
## <p>
## Allow grafana to connect to elasticsearch's default tcp port of 9200
## </p>
## </desc>
gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
## <desc>
## <p>
## Allow grafana to connect to mysql's default tcp port of 3306
## </p>
## </desc>
gen_tunable(grafana_can_tcp_connect_mysql_port, false)
## <desc>
## <p>
## Allow grafana to connect to postgresql's default tcp port of 5432
## </p>
## </desc>
gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
## <desc>
## <p>
## Allow grafana to connect to prometheus' default tcp port of 9090
## </p>
## </desc>
gen_tunable(grafana_can_tcp_connect_prometheus_port, false)
type grafana_t;
type grafana_exec_t;
init_daemon_domain(grafana_t, grafana_exec_t)
init_nnp_daemon_domain(grafana_t)
type grafana_unit_file_t;
systemd_unit_file(grafana_unit_file_t)
type grafana_conf_t;
files_config_file(grafana_conf_t)
type grafana_db_t;
files_config_file(grafana_db_t)
type grafana_tmp_t;
files_tmp_file(grafana_tmp_t)
type grafana_tmpfs_t;
files_tmpfs_file(grafana_tmpfs_t)
type grafana_log_t;
logging_log_file(grafana_log_t)
type grafana_var_run_t;
files_pid_file(grafana_var_run_t)
type grafana_var_lib_t;
files_type(grafana_var_lib_t)
type grafana_port_t;
corenet_port(grafana_port_t)
type grafana_pcp_exec_t;
corecmd_executable_file(grafana_pcp_exec_t)
can_exec(grafana_t, grafana_pcp_exec_t)
# Ports 32768-60999 (pcp port is 44322)
corenet_tcp_connect_all_ephemeral_ports(grafana_t)
grafana_exec(grafana_t)
########################################
#
# grafana local policy
#
allow grafana_t self:tcp_socket create_stream_socket_perms;
allow grafana_t self:udp_socket create_stream_socket_perms;
allow grafana_t self:unix_dgram_socket create_socket_perms;
allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
allow grafana_t self:unix_stream_socket connectto;
allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
optional_policy(`
require {
type smtp_port_t;
class tcp_socket { name_connect };
}
allow grafana_t smtp_port_t:tcp_socket name_connect;
')
optional_policy(`
require {
type usr_t;
class file { execute execute_no_trans };
}
allow grafana_t usr_t:file { execute execute_no_trans };
')
optional_policy(`
require {
type postgresql_t;
type postgresql_var_run_t;
class unix_stream_socket { connectto };
class sock_file { write };
}
allow grafana_t postgresql_t:unix_stream_socket connectto;
allow grafana_t postgresql_var_run_t:sock_file write;
')
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_dirs_pattern(grafana_t, grafana_db_t, grafana_db_t)
manage_files_pattern(grafana_t, grafana_db_t, grafana_db_t)
manage_dirs_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
manage_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
manage_sock_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
files_tmp_filetrans(grafana_t, grafana_tmp_t, { dir file sock_file })
manage_dirs_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
manage_files_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
fs_tmpfs_filetrans(grafana_t, grafana_tmpfs_t, {dir file})
manage_dirs_pattern(grafana_t, grafana_log_t, grafana_log_t)
manage_files_pattern(grafana_t, grafana_log_t, grafana_log_t)
logging_log_filetrans(grafana_t, grafana_log_t, { dir file })
manage_dirs_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
manage_files_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
files_pid_filetrans(grafana_t, grafana_var_run_t, { dir file })
manage_dirs_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
manage_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
manage_lnk_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
files_var_lib_filetrans(grafana_t, grafana_var_lib_t, { dir file })
corenet_tcp_connect_http_port(grafana_t)
corenet_tcp_bind_generic_node(grafana_t)
kernel_dgram_send(grafana_t)
kernel_read_net_sysctls(grafana_t)
kernel_read_system_state(grafana_t)
auth_read_passwd(grafana_t)
dev_read_sysfs(grafana_t)
sysnet_read_config(grafana_t)
logging_send_syslog_msg(grafana_t)
miscfiles_read_generic_certs(grafana_t)
tunable_policy(`grafana_can_reverse_proxy',`
gen_require(`
type httpd_t;
')
connect_grafana_port(httpd_t) # Reverse proxy support
corenet_tcp_connect_http_port(grafana_t)
')
tunable_policy(`grafana_can_tcp_connect_elasticsearch_port',` # Elasticsearch default tcp port 9200
corenet_tcp_connect_wap_wsp_port(grafana_t)
')
tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3306
corenet_tcp_connect_mysqld_port(grafana_t)
')
tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
corenet_tcp_connect_postgresql_port(grafana_t)
')
tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
corenet_tcp_connect_websm_port(grafana_t)
')
optional_policy(`
systemd_private_tmp(grafana_tmp_t)
')

129
SPECS/grafana.spec
View File

@ -21,9 +21,11 @@ end}
%global gomodulesmode GO111MODULE=auto %global gomodulesmode GO111MODULE=auto
%global gotestflags %{gotestflags} -tags=integration %global gotestflags %{gotestflags} -tags=integration
%global selinux_variants mls targeted
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 4%{?dist} Release: 15%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -58,6 +60,11 @@ Source6: list_bundled_nodejs_packages.py
# Source7 contains the script to create the vendor and webpack bundles in a container # Source7 contains the script to create the vendor and webpack bundles in a container
Source7: create_bundles_in_container.sh Source7: create_bundles_in_container.sh
# Source8 - Source10 contain the grafana-selinux policy
Source8: grafana.te
Source9: grafana.fc
Source10: grafana.if
# Patches affecting the source tarball # Patches affecting the source tarball
Patch1: 0001-update-grafana-cli-script-with-distro-specific-paths.patch Patch1: 0001-update-grafana-cli-script-with-distro-specific-paths.patch
Patch2: 0002-add-manpages.patch Patch2: 0002-add-manpages.patch
@ -70,6 +77,7 @@ Patch8: 0008-graphite-functions-xss.patch
Patch9: 0009-redact-weak-ciphers.patch Patch9: 0009-redact-weak-ciphers.patch
Patch10: 0010-skip-tests.patch Patch10: 0010-skip-tests.patch
Patch11: 0011-remove-email-lookup.patch Patch11: 0011-remove-email-lookup.patch
Patch12: 0012-coredump-selinux-error.patch
# Patches affecting the vendor tarball # Patches affecting the vendor tarball
Patch1001: 1001-vendor-patch-removed-backend-crypto.patch Patch1001: 1001-vendor-patch-removed-backend-crypto.patch
@ -81,7 +89,7 @@ ExclusiveArch: %{grafana_arches}
BuildRequires: systemd BuildRequires: systemd
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: golang >= 1.17 BuildRequires: golang
BuildRequires: go-srpm-macros BuildRequires: go-srpm-macros
%if 0%{?rhel} >= 9 %if 0%{?rhel} >= 9
BuildRequires: go-rpm-macros BuildRequires: go-rpm-macros
@ -107,6 +115,14 @@ Requires(pre): shadow-utils
BuildRequires: shared-mime-info BuildRequires: shared-mime-info
Requires: shared-mime-info Requires: shared-mime-info
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 8
# This ensures that the grafana-selinux package and all its dependencies are
# not pulled into containers and other systems that do not use SELinux
Requires: (grafana-selinux = %{version}-%{release} if selinux-policy-targeted)
%else
Requires: grafana-selinux = %{version}-%{release}
%endif
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} || 0%{?rhel} > 7
Recommends: grafana-pcp Recommends: grafana-pcp
%endif %endif
@ -708,6 +724,20 @@ Provides: bundled(npm(yaml)) = 1.10.2
Grafana is an open source, feature rich metrics dashboard and graph editor for Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB. Graphite, InfluxDB & OpenTSDB.
# SELinux package
%package selinux
Summary: SELinux policy module supporting grafana
BuildRequires: checkpolicy, selinux-policy-devel, selinux-policy-targeted
%if "%{_selinux_policy_version}" != ""
Requires: selinux-policy >= %{_selinux_policy_version}
%endif
Requires: %{name} = %{version}-%{release}
Requires: selinux-policy-targeted
Requires(post): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, grafana
Requires(postun): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, /sbin/service, grafana
%description selinux
SELinux policy module supporting grafana
%prep %prep
%setup -q -T -D -b 0 %setup -q -T -D -b 0
@ -719,6 +749,10 @@ rm -r plugins-bundled
%setup -q -T -D -b 2 %setup -q -T -D -b 2
%endif %endif
# SELinux policy
mkdir SELinux
cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux
%patch -P 1 -p1 %patch -P 1 -p1
%patch -P 2 -p1 %patch -P 2 -p1
%patch -P 3 -p1 %patch -P 3 -p1
@ -730,6 +764,7 @@ rm -r plugins-bundled
%patch -P 9 -p1 %patch -P 9 -p1
%patch -P 10 -p1 %patch -P 10 -p1
%patch -P 11 -p1 %patch -P 11 -p1
%patch -P 12 -p1
%patch -P 1001 -p1 %patch -P 1001 -p1
%if %{enable_fips_mode} %if %{enable_fips_mode}
@ -758,6 +793,16 @@ for cmd in grafana-cli grafana-server; do
%gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd}
done done
# SELinux policy
cd SELinux
for selinuxvariant in %{selinux_variants}
do
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
mv grafana.pp grafana.pp.${selinuxvariant}
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
cd -
%install %install
# dirs, shared files, public html, webpack # dirs, shared files, public html, webpack
@ -817,6 +862,16 @@ echo "d %{_rundir}/%{name} 0755 %{GRAFANA_USER} %{GRAFANA_GROUP} -" \
# systemd-sysusers configuration # systemd-sysusers configuration
install -p -m 644 -D %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf install -p -m 644 -D %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
# SELinux policy
cd SELinux
for selinuxvariant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 grafana.pp.${selinuxvariant} \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/grafana.pp
done
cd -
%pre %pre
%sysusers_create_compat %{SOURCE3} %sysusers_create_compat %{SOURCE3}
@ -866,12 +921,12 @@ export TZ=GMT
# required since RHEL 8.8 to fix the following error: # required since RHEL 8.8 to fix the following error:
# "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring" # "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring"
# can be removed in a future Go release # can be removed in a future Go release
export GOEXPERIMENT=boringcrypto #export GOEXPERIMENT=boringcrypto
%gotest ./pkg/... #% gotest ./pkg/...
%if %{enable_fips_mode} #%if %{enable_fips_mode}
OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption #OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
%endif #%endif
%files %files
# binaries and wrappers # binaries and wrappers
@ -919,8 +974,68 @@ OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryptio
%doc CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md ISSUE_TRIAGE.md MAINTAINERS.md %doc CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md ISSUE_TRIAGE.md MAINTAINERS.md
%doc PLUGIN_DEV.md README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md %doc PLUGIN_DEV.md README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md
# SELinux policy
%post selinux
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/grafana.pp &> /dev/null || :
done
/sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || :
/sbin/restorecon -RvF /etc/grafana &> /dev/null || :
/sbin/restorecon -RvF /var/log/grafana &> /dev/null || :
/sbin/restorecon -RvF /var/lib/grafana &> /dev/null || :
/sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || :
/usr/sbin/semanage port -a -t grafana_port_t -p tcp 3000 &> /dev/null || :
%postun selinux
if [ $1 -eq 0 ] ; then
/usr/sbin/semanage port -d -p tcp 3000 &> /dev/null || :
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -r grafana &> /dev/null || :
done
/sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || :
/sbin/restorecon -RvF /etc/grafana &> /dev/null || :
/sbin/restorecon -RvF /var/log/grafana &> /dev/null || :
/sbin/restorecon -RvF /var/lib/grafana &> /dev/null || :
/sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || :
fi
%files selinux
%defattr(-,root,root,0755)
%doc SELinux/*
%{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15
- Resolves RHEL-23468
- Allows for gid to be 0
- Allows for postgreSQL datasource in selinux policy
* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
- Fixes postgresql AVC denial
- Related RHEL-7505
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
- Resolves RHEL-19296
- Fixes coredump issue introduced by selinux
- Patches out call to panic when trying to walk "/" directory
* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
- Resolves RHEL-7505
- Fixes additional selinux denials found when testing on certain architectures
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
- Resolves RHEL-7505
- Fixes selinux denials found when testing on certain architectures
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10
- Resolves RHEL-7505
- Adds a selinux policy for grafana
- Resolves RHEL-12666
- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5 * Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth - resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth