
Commit d60d556

committed
add rules for postgres and mssql datsources
1 parent 27bec80 commit d60d556


3 files changed

+16
-2
lines changed


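--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ semodule -i grafana.pp
 semanage port -a -t grafana_port_t -p tcp 3000
 
 # Restore all the correct context labels
-restorecon -RvF /usr/sbin/grafana-* \
+restorecon -RvF /usr/sbin/grafana* \
 /etc/grafana \
 /var/log/grafana \
 /var/lib/grafana \
@@ -85,7 +85,7 @@ sudo semodule -r grafana
 ```
 * Restore the contexts of the files
 ```sh
-restorecon -RvF /usr/sbin/grafana-* \
+restorecon -RvF /usr/sbin/grafana* \
 /etc/grafana \
 /var/log/grafana \
 /var/lib/grafana \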

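--- a/grafana.fc
+++ b/grafana.fc
@@ -5,6 +5,7 @@
 
 /usr/sbin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0)
 /usr/sbin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/sbin/grafana -- gen_context(system_u:object_r:grafana_exec_t,s0)
 
 /var/lib/grafana(/.*)? gen_context(system_u:object_r:grafana_var_lib_t,s0)
 #/var/lib/grafana/grafana.db -- gen_context(system_u:object_r:grafana_db_t,s0)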

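--- a/grafana.te
+++ b/grafana.te
@@ -34,6 +34,12 @@ gen_tunable(grafana_can_tcp_connect_mysql_port, false)
 ## </desc>
 gen_tunable(grafana_can_tcp_connect_prometheus_port, false)
 
+## <desc>
+## <p>
+## Allow grafana to connect to postgresql's default tcp port of 5432
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
 
 type grafana_t;
 type grafana_exec_t;
@@ -75,6 +81,9 @@ can_exec(grafana_t, grafana_pcp_exec_t)
 corenet_tcp_connect_all_ephemeral_ports(grafana_t)
 grafana_exec(grafana_t)
 
+# Allow grafana to connect to mssql's default tcp port of 1433
+corenet_tcp_connect_mssql_port(grafana_t)
+
 ########################################
 #
 # grafana local policy
@@ -183,6 +192,10 @@ tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default
 corenet_tcp_connect_websm_port(grafana_t)
 ')
 
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
 optional_policy(`
 systemd_private_tmp(grafana_tmp_t)
 ')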
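Review bot: The mssql rule at new lines 84-85 is granted unconditionally, whereas the postgresql rule added in this same commit, like the existing mysql and prometheus rules, sits behind a tunable that defaults to false. As written, every host that loads the module lets grafana_t open TCP connections to the mssql port whether or not an MSSQL datasource is configured, which widens the default egress of the confined domain. Gating it behind its own boolean, for example `grafana_can_tcp_connect_mssql_port`, keeps the default least-privilege and consistent with the other datasources. The tunable declarations and the local-policy section continue outside the hunks shown, so the placement below is indicative.

```selinux
## <desc>
## <p>
## Allow grafana to connect to mssql's default tcp port of 1433
## </p>
## </desc>
gen_tunable(grafana_can_tcp_connect_mssql_port, false)

# … unchanged: type declarations and the other tunable_policy blocks …

tunable_policy(`grafana_can_tcp_connect_mssql_port',` # MSSQL default tcp port 1433
	corenet_tcp_connect_mssql_port(grafana_t)
')
```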
