.gitignore

@@ -1,3 +1,5 @@
-SOURCES/grafana-9.2.10.tar.gz
-SOURCES/grafana-vendor-9.2.10-21.tar.xz
-SOURCES/grafana-webpack-9.2.10-21.tar.gz
+/grafana-*.tar.gz
+/grafana-*.tar.xz
+/grafana-*.tar.xz.manifest
+/grafana*/
+*.rpm

.grafana.metadata

@@ -1,3 +0,0 @@
-4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
-f962d22ea13813f28dbf9d2a057c189b14051ff4 SOURCES/grafana-vendor-9.2.10-21.tar.xz
-f66e9f954173212fb43bebd00756cf3c78362ea1 SOURCES/grafana-webpack-9.2.10-21.tar.gz

ci.fmf

@@ -0,0 +1,2 @@
+---
+resultsdb-testcase: separate

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-x86_64.functional}

grafana.rpmlintrc

@@ -0,0 +1,17 @@
+addFilter("E: non-readable /etc/grafana/grafana.ini 640")
+addFilter("E: non-readable /etc/grafana/ldap.toml 640")
+addFilter("E: non-standard-dir-perm /var/lib/grafana 750")
+addFilter("E: non-standard-dir-perm /etc/grafana/provisioning/datasources 750")
+addFilter("W: non-standard-uid.* grafana")
+addFilter("W: non-standard-gid.* grafana")
+
+addFilter("W: invalid-url Source1: grafana-vendor-")
+addFilter("W: invalid-url Source2: grafana-webpack-")
+addFilter("E: zero-length /usr/share/grafana/public")
+addFilter("W: hidden-file-or-dir /usr/share/grafana/public")
+addFilter("W: files-duplicate /usr/share/grafana/public/img")
+addFilter("W: files-duplicate /usr/share/grafana/public/lib/.*.LICENSE.txt")
+
+addFilter("W: dangerous-command-in-%post chown")
+addFilter("W: log-files-without-logrotate")
+addFilter("W: %ifarch-applied-patch Patch.*: .*vendor-skip-goldenfiles-tests.patch")

grafana.spec

@@ -35,7 +35,7 @@ end}
 
 Name:             grafana
 Version:          9.2.10
-Release:          21%{?dist}
+Release:          22%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          AGPLv3
 URL:              https://grafana.org
@@ -1021,6 +1021,9 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 
 %changelog
+* Wed Feb 5 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-22
+- Resolves RHEL-75921: grafana selinux issue with autofs_t
+
 * Wed Jan 15 2025 Sam Feifer <sfeifer@redhat.com> 9.2.10-21
 - Resolves RHEL-72881: CVE-2025-21614
 - Resolves RHEL-72869: CVE-2025-21613

grafana.te

@@ -126,6 +126,14 @@ optional_policy(`
 	allow grafana_t postgresql_var_run_t:sock_file write;
 ')
 
+optional_policy(`
+	require {
+		type autofs_t;
+		class dir {getattr};
+	}
+	allow grafana_t autofs_t:dir getattr;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 
@@ -189,14 +197,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 	corenet_tcp_connect_mysqld_port(grafana_t)
 ')
 
-tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
-	corenet_tcp_connect_postgresql_port(grafana_t)
-')
-
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 	corenet_tcp_connect_websm_port(grafana_t)
 ')
 
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
     systemd_private_tmp(grafana_tmp_t)
 ')

sources

@@ -0,0 +1,3 @@
+SHA512 (grafana-9.2.10.tar.gz) = 5eadfcd8ed8822c4a05b4b486baa50402d989049071256d933fe7a7249a22b68e039ad6445a8a6d4a9f0754661882ab8ece1af308aad9c148f31d2cdb320c8c0
+SHA512 (grafana-webpack-9.2.10-21.tar.gz) = 0b094eee702c3cd28d6433988faffcfcc958eb6c4be40f2e21486f6ba96e163b33398bc8d75f888ae6cf75125be996f832ca301304d5826b08319dbfa9438baa
+SHA512 (grafana-vendor-9.2.10-21.tar.xz) = 3f6fdbdcca4c919ea506f23b7dcfc67ce45c704ea200f1ed30209ca511e8434f1983498e3538292225534163e4030dd59e4065d9cfc4867e1b4d6a6afe5e2ca4