Fix additional AVC denials found when testing

This commit is contained in:
Sam Feifer 2023-11-15 15:22:58 -05:00
parent 23e6d56b77
commit f71f22a242
2 changed files with 10 additions and 6 deletions

View File

@ -25,7 +25,7 @@ end}
Name: grafana Name: grafana
Version: 9.2.10 Version: 9.2.10
Release: 9%{?dist} Release: 10%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://grafana.org URL: https://grafana.org
@ -1004,6 +1004,9 @@ fi
%{_datadir}/selinux/*/grafana.pp %{_datadir}/selinux/*/grafana.pp
%changelog %changelog
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-10
- Fix additional AVC denial found when testing
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-9 * Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> - 9.2.10-9
- Fix AVC denials found when testing - Fix AVC denials found when testing
- Stop commented out gotest macro from expanding - Stop commented out gotest macro from expanding

View File

@ -96,13 +96,14 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
require { require {
type usr_t; type usr_t;
class file { execute }; class file { execute execute_no_trans };
} }
allow grafana_t usr_t:file execute; allow grafana_t usr_t:file { execute execute_no_trans };
') ')
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)