From f71f22a242e7048af41ca44f899c547d77b7092b Mon Sep 17 00:00:00 2001
From: Sam Feifer
Date: Wed, 15 Nov 2023 15:22:58 -0500
Subject: [PATCH] Fix additional AVC denials found when testing
---
 grafana.spec | 5 ++++-
 grafana.te | 11 ++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/grafana.spec b/grafana.spec
index 68b4084..ded63dd 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -25,7 +25,7 @@ end}
 Name: grafana
 Version: 9.2.10
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: Metrics dashboard and graph editor
 License: AGPL-3.0-only
 URL: https://grafana.org
@@ -1004,6 +1004,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
+* Wed Nov 15 2023 Sam Feifer - 9.2.10-10
+- Fix additional AVC denial found when testing
+
 * Wed Nov 15 2023 Sam Feifer - 9.2.10-9
 - Fix AVC denials found when testing
 - Stop commented out gotest macro from expanding
diff --git a/grafana.te b/grafana.te
index 8cc35b4..acc6189 100644
--- a/grafana.te
+++ b/grafana.te
@@ -96,13 +96,14 @@ optional_policy(`
 ')
 optional_policy(`
- require {
- type usr_t;
- class file { execute };
- }
- allow grafana_t usr_t:file execute;
+ require {
+ type usr_t;
+ class file { execute execute_no_trans };
+ }
+ allow grafana_t usr_t:file { execute execute_no_trans };
 ')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
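Review bot: The new rule `allow grafana_t usr_t:file { execute execute_no_trans };` in the grafana.te hunk lets grafana_t run any file labelled usr_t inside its own domain, which is much broader than the single denial the changelog entry mentions. usr_t is the generic label for content under /usr, so the rule does not record which program Grafana actually needs. If the denial came from one helper or plugin binary, giving that file its own type (placeholder `<grafana_helper_exec_t>`) and allowing only that type would keep the policy closer to least privilege. If generic /usr execution really is required, the reference-policy interface `files_exec_usr_files(grafana_t)` expresses it without a hand-written require block, and a comment such as `# AVC: grafana_t execute_no_trans on <path from audit log>` would preserve the reason for the next reviewer. The blank line added after the closing `')` looks unintentional.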