rpms/pcp
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: RHEL-69085

Browse Source
This commit is contained in:
Sam Feifer 2025-01-03 16:19:05 -05:00
parent fd72e9c872
commit 9571bdec95
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pcp.spec
View File

@ -1,6 +1,6 @@
Name: pcp Name: pcp
Version: 6.3.2 Version: 6.3.2
Release: 2%{?dist} Release: 3%{?dist}
Summary: System-level performance monitoring and performance management Summary: System-level performance monitoring and performance management
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND CC-BY-3.0 License: GPL-2.0-or-later AND LGPL-2.1-or-later AND CC-BY-3.0
URL: https://pcp.io URL: https://pcp.io
@ -11,6 +11,7 @@ Patch0: pcp-xsos-fixes.patch
# Keep xx-default-archive-version.patch for the life of RHEL9 # Keep xx-default-archive-version.patch for the life of RHEL9
Patch1: redhat-issues-RHEL-2317-default-archive-version.patch Patch1: redhat-issues-RHEL-2317-default-archive-version.patch
Patch2: redhat-issues-RHEL-58953-perl-drop-Y2038-checks.patch Patch2: redhat-issues-RHEL-58953-perl-drop-Y2038-checks.patch
Patch3: selinux-pmie-and-pmlogger.patch
%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10 %if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
@ -3603,6 +3604,9 @@ fi
%files zeroconf -f pcp-zeroconf-files.rpm %files zeroconf -f pcp-zeroconf-files.rpm
%changelog %changelog
* Fri Jan 3 2025 Sam Feifer <sfeifer@redhat.com> - 6.3.2-3
- Fix selinux denials caused by pmie and pmlogger trying to access /dev/dm-*
* Thu Nov 14 2024 Nathan Scott <nathans@redhat.com> - 6.3.2-2 * Thu Nov 14 2024 Nathan Scott <nathans@redhat.com> - 6.3.2-2
- Back-port upstream bug fixes for pcp-xsos(1). - Back-port upstream bug fixes for pcp-xsos(1).

24
selinux-pmie-and-pmlogger.patch Normal file
View File

@ -0,0 +1,24 @@
diff --git a/src/selinux/pcp.te b/src/selinux/pcp.te
index 46d921b5c..c03d03674 100644
--- a/src/selinux/pcp.te
+++ b/src/selinux/pcp.te
@@ -906,6 +906,9 @@ allow pcp_pmlogger_t etc_t:dir { add_name read remove_name write };
allow pcp_pmlogger_t etc_t:file { create unlink write };
allow pcp_pmlogger_t cgroup_t:file { getattr read open append write };
+allow pcp_pmlogger_t fixed_disk_device_t:blk_file getattr;
+allow pcp_pmlogger_t sysfs_t:lnk_file read;
+
#============= pcp_pmie_t ==============
# type=AVC msg=audit(N): avc: denied { execute execute_no_trans getattr open read } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=0
allow pcp_pmie_t hostname_exec_t:file { execute execute_no_trans getattr open read };
@@ -940,6 +943,9 @@ allow pcp_pmie_t etc_t:dir { add_name read remove_name write };
allow pcp_pmie_t etc_t:file { create unlink write };
allow pcp_pmie_t cgroup_t:file { getattr read open append write };
+allow pcp_pmie_t fixed_disk_device_t:blk_file getattr;
+allow pcp_pmie_t sysfs_t:lnk_file read;
+
#============= pmda-lio ==============
# type=AVC msg=audit(N): avc: denied { open read search write } for pid=PID comm="pmdaX" name="/" dev="tracefs" ino=INO scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir permissive=0
allow pcp_pmcd_t configfs_t:dir { open read search write };