Fix additional AVC denials found when testing

2023-11-15 15:22:58 -05:00 · 2023-11-15 15:22:58 -05:00 · f71f22a242
commit f71f22a242
parent 23e6d56b77
2 changed files with 10 additions and 6 deletions
--- a/grafana.spec
+++ b/grafana.spec
@ -25,7 +25,7 @@ end}

 Name:             grafana
 Version:          9.2.10
-Release:          9%{?dist}
+Release:          10%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPL-3.0-only
 URL:              https://grafana.org
@ -1004,6 +1004,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp

 %changelog
+* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-10
+- Fix additional AVC denial found when testing
+
 * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-9
 - Fix AVC denials found when testing
 - Stop commented out gotest macro from expanding
--- a/grafana.te
+++ b/grafana.te
@ -96,13 +96,14 @@ optional_policy(`
 ')

 optional_policy(`
-	require {
-		type usr_t;
-		class file { execute };
-	}
-	allow grafana_t usr_t:file execute;
+        require {
+                type usr_t;
+                class file { execute execute_no_trans };
+        }
+        allow grafana_t usr_t:file { execute execute_no_trans };
 ')

+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)