
Commit 27bec80

Merge pull request #4 from sfeifer/main
Fix some AVC denials
2 parents 8861616 + b032da2 commit 27bec80

1 file changed

+29
-0
lines changed

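--- a/grafana.te
+++ b/grafana.te
@@ -87,6 +87,35 @@ allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
 
 allow grafana_t self:unix_stream_socket connectto;
 
+allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
+
+optional_policy(`
+require {
+type smtp_port_t;
+class tcp_socket { name_connect };
+}
+allow grafana_t smtp_port_t:tcp_socket name_connect;
+')
+
+optional_policy(`
+require {
+type usr_t;
+class file { execute };
+}
+allow grafana_t usr_t:file execute;
+')
+
+optional_policy(`
+require {
+type postgresql_t;
+type postgresql_var_run_t;
+class unix_stream_socket { connectto };
+class sock_file { write };
+}
+allow grafana_t postgresql_t:unix_stream_socket connectto;
+allow grafana_t postgresql_var_run_t:sock_file write;
+')
+
 manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
 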
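Review bot: `allow grafana_t usr_t:file execute;` grants execute on every file that carries the generic `usr_t` label, which is much wider than whichever file produced the denial. If the denial came from Grafana's own bundled binaries or plugins (not visible on this page), it would be tighter to give them a dedicated type in the module's file contexts and allow execute only on that, e.g. `allow grafana_t <grafana_exec_type>:file execute;` (placeholder type name). The SMTP and PostgreSQL blocks could use the reference-policy interfaces `corenet_tcp_connect_smtp_port(grafana_t)` and `postgresql_stream_connect(grafana_t)` in place of raw `allow` rules, so the grants track upstream changes to those modules. Each new block would also benefit from a one-line comment naming the feature or denial it answers, such as `# alert notifications by e-mail` above the SMTP rule, so later audits can tell which permissions are still needed.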
