diff --git a/grafana.spec b/grafana.spec
index 5d578c523945634a8c4bbb178628d9c86852f1b2..9e2c7f30cdc2b76aeacff9a2eeacb66547ab923d 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -36,7 +36,7 @@ end}
 Name: grafana
 Version: 9.2.10
-Release: 21%{anolis_release}%{?dist}
+Release: 22%{anolis_release}%{?dist}
 Summary: Metrics dashboard and graph editor
 License: AGPLv3
 URL: https://grafana.org
@@ -1034,10 +1034,13 @@ fi
 %{_datadir}/selinux/*/grafana.pp
 %changelog
-* Tue Jan 21 2025 Liwei Ge 9.2.10-21.0.1
+* Thu Mar 20 2025 Liwei Ge 9.2.10-22.0.1
 - Use cn proxy for go build
 - Support loongarch build
+* Wed Feb 5 2025 Sam Feifer 9.2.10-22
+- Resolves RHEL-75921: grafana selinux issue with autofs_t
+
 * Wed Jan 15 2025 Sam Feifer 9.2.10-21
 - Resolves RHEL-72881: CVE-2025-21614
 - Resolves RHEL-72869: CVE-2025-21613
diff --git a/grafana.te b/grafana.te
index c4d6a507660f9e0bad84e2377eeac3b2f6e015be..8e1b117dd1410451ed63a1913ea64b0650f28736 100644
--- a/grafana.te
+++ b/grafana.te
@@ -126,6 +126,14 @@ optional_policy(`
 allow grafana_t postgresql_var_run_t:sock_file write;
 ')
+optional_policy(`
+ require {
+ type autofs_t;
+ class dir {getattr};
+ }
+ allow grafana_t autofs_t:dir getattr;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
@@ -189,14 +197,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3
 corenet_tcp_connect_mysqld_port(grafana_t)
 ')
-tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
- corenet_tcp_connect_postgresql_port(grafana_t)
-')
-
 tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
 corenet_tcp_connect_websm_port(grafana_t)
 ')
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+ corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
 systemd_private_tmp(grafana_tmp_t)
 ')
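Review bot: The new `optional_policy` block in grafana.te (hunk `@@ -126,6 +126,14 @@`) has no comment saying why grafana_t needs any access to autofs_t, so a later audit of the module cannot tell this rule from an accidental widening. I would put a line above the allow rule, for example `# RHEL-75921: grafana stats autofs mount points; keep this at dir getattr only`, with the wording checked against the actual AVC denial, which is not visible here. The grant itself is narrow (`autofs_t:dir getattr` inside an optional block that requires the type), and it should stay that way: if the denial comes from grafana merely enumerating mount points, it is worth confirming that a `dontaudit` would not have been enough before granting the permission.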