Notification time stamped 2023-11-15 20:23:41 UTC From f71f22a242e7048af41ca44f899c547d77b7092b Mon Sep 17 00:00:00 2001 From: Sam Feifer <sfeifer(a)redhat.com&gt; Date: Nov 15 2023 20:22:58 +0000 Subject: Fix additional AVC denials found when testing --- diff --git a/grafana.spec b/grafana.spec index 68b4084..ded63dd 100644 --- a/grafana.spec +++ b/grafana.spec @@ -25,7 +25,7 @@ end} Name: grafana Version: 9.2.10 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Metrics dashboard and graph editor License: AGPL-3.0-only URL: https://grafana.org @@ -1004,6 +1004,9 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog +* Wed Nov 15 2023 Sam Feifer <sfeifer(a)redhat.com&gt; - 9.2.10-10 +- Fix additional AVC denial found when testing + * Wed Nov 15 2023 Sam Feifer <sfeifer(a)redhat.com&gt; - 9.2.10-9 - Fix AVC denials found when testing - Stop commented out gotest macro from expanding diff --git a/grafana.te b/grafana.te index 8cc35b4..acc6189 100644 --- a/grafana.te +++ b/grafana.te @@ -96,13 +96,14 @@ optional_policy(` ') optional_policy(` - require { - type usr_t; - class file { execute }; - } - allow grafana_t usr_t:file execute; + require { + type usr_t; + class file { execute execute_no_trans }; + } + allow grafana_t usr_t:file { execute execute_no_trans }; ') + manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) https://src.fedoraproject.org/rpms/grafana/c/f71f22a242e7048af41ca44f899c...