RHEL-101998

Grafana SELinux policy prevents loading plugins


    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.6.z
    • rhel-9.6
    • grafana
    • None
    • grafana-10.2.6-15.el9_6
    • No
    • Low
    • 1
    • rhel-pt-pcp
    • 1
    • QE ack
    • False
    • False
    • None
    • Red Hat Enterprise Linux
    • PT PCP 2025 S10
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      Currently it is not possible to activate some external data source plugins for Grafana installed from RHEL 9 AppStream. In my specific situation this affects the MQTT plugin.

      In the grafana logfile I can see

      grafana/grafana.log:logger=plugins.initialization t=2025-07-06T09:50:56.004947957+02:00 level=error msg="Could not initialize plugin" pluginId=grafana-mqtt-datasource error="Unrecognized remote plugin message: \nFailed to read any lines from plugin's stdout\nThis usually means\n  the plugin was not compiled for this architecture,\n  the plugin is missing dynamic-link libraries necessary to run,\n  the plugin is not executable by this process due to file permissions, or\n  the plugin failed to negotiate the initial go-plugin protocol handshake\n\nAdditional notes about plugin:\n  Path: /var/lib/grafana/plugins/grafana-mqtt-datasource/gpx_mqtt_linux_amd64\n  Mode: rwxr-x--\n  Owner: 992 [grafana] (current: 992 [grafana])\n  Group: 989 [grafana] (current: 989 [grafana])\n  ELF architecture: EM_X86_64 (current architecture: amd64)\n"

      Using audit2why -a:

      type=AVC msg=audit(1751788256.002:64): avc:  denied  { map } for  pid=1422 comm="gpx_mqtt_linux_" path="/var/lib/grafana/plugins/grafana-mqtt-datasource/gpx_mqtt_linux_amd64" dev="dm-0" ino=51027057 scontext=system_u:system_r:grafana_t:s0 tcontext=system_u:object_r:grafana_var_lib_t:s0 tclass=file permissive=0

      This can be fixed by adding an SE module policy using the following TE file:

      module grafana-fixes 1.0;

      require {
          type grafana_var_lib_t;
          type grafana_t;
          class file { map };
      }

      #============= grafana_t ==============

      allow grafana_t grafana_var_lib_t:file map;

       

              pcp-maint pcp-maint
              rokanan Viktor Mihajlovski (Inactive)
              pcp-maint pcp-maint
              Jan Kurik Jan Kurik
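The step from the AVC denial to the TE file in the report above can be reproduced and reviewed with a small parser. This is an added example, not part of the original report or of Grafana or RHEL; the function names and the second log line are constructed for illustration. It restricts the generated rules to one source domain so the module grants only what the reviewed denial needs.

```python
import re
from collections import defaultdict

# Constructed sample: the denial quoted in the report plus one made-up, unrelated denial.
SAMPLE_AUDIT_LOG = '''type=AVC msg=audit(1751788256.002:64): avc:  denied  { map } for  pid=1422 comm="gpx_mqtt_linux_" path="/var/lib/grafana/plugins/grafana-mqtt-datasource/gpx_mqtt_linux_amd64" dev="dm-0" ino=51027057 scontext=system_u:system_r:grafana_t:s0 tcontext=system_u:object_r:grafana_var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1751788300.100:70): avc:  denied  { read open } for  pid=2001 comm="example" path="/etc/example.conf" dev="dm-0" ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def context_type(context):
    """Return the type field (third colon-separated field) of an SELinux context."""
    return context.split(":")[2]

def collect_denials(log_text, source_type=None):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src = context_type(m["scon"])
        if source_type and src != source_type:
            continue  # skip denials raised by other domains
        rules[(src, context_type(m["tcon"]), m["tclass"])].update(m["perms"].split())
    return dict(rules)

def render_te(module_name, version, rules):
    """Render a type enforcement (TE) module containing one allow rule per group."""
    types = sorted({name for src, tgt, _ in rules for name in (src, tgt)})
    classes = defaultdict(set)
    for (_, _, tclass), perms in rules.items():
        classes[tclass] |= perms
    out = [f"module {module_name} {version};", "", "require {"]
    out += [f"    type {t};" for t in types]
    out += [f"    class {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (src, tgt, tclass), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_te("grafana-fixes", "1.0", collect_denials(SAMPLE_AUDIT_LOG, "grafana_t")))
```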