Bug
Resolution: Unresolved
Description of problem:
grafana-server service runs as unconfined_service_t, which violates STIG, as STIG CIS server level 1 profile requires no service to run as "unconfined_service_t" SELinux type.
Version-Release number of selected component (if applicable):
grafana-10.2.6-20.el10
How reproducible:
Always
Steps to Reproduce:
1. Install grafana and start grafana-server service
- yum install -y grafana
- systemctl start grafana-server
2. Check if the grafana process runs as unconfined service type
- ps -efZ | grep grafana-server
Actual results:
Grafana runs as unconfined service type:
- ps -efZ | grep grafana-server
system_u:system_r:unconfined_service_t:s0 grafana 40052 1 4 08:59 ? 00:00:00 /usr/sbin/grafana-server --config=/etc/grafana/grafana.ini --pidfile=/var/run/grafana/grafana-server.pid --packaging=rpm cfg:default.paths.logs=/var/log/grafana cfg:default.paths.data=/var/lib/grafana cfg:default.paths.plugins=/var/lib/grafana/plugins cfg:default.paths.provisioning=/etc/grafana/provisioning
Expected results:
Grafana does not run as unconfined service type
Additional info:
https://access.redhat.com/articles/2918071
- is blocked by: RHEL-117824 grafana-server service runs as unconfined_service_t (New)
- is cloned by: RHEL-117824 grafana-server service runs as unconfined_service_t (New)
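An added example, not part of the original report: a shell check that generalizes the `ps -efZ | grep grafana-server` step to flag every process whose SELinux type is exactly unconfined_service_t. The function names and the sample `ps` lines are constructed for illustration; on a live host, pipe `ps -efZ` into `audit` instead.

```shell
#!/bin/sh
# Added example: find processes running as unconfined_service_t.
# Input: `ps -efZ` lines (LABEL UID PID PPID C STIME TTY TIME CMD...).

find_unconfined_services() {
    awk '
        $1 == "LABEL" { next }            # skip the ps header line
        {
            # Context is user:role:type:level[:categories]; the type is
            # always the third field, even when an MLS range adds colons.
            n = split($1, ctx, ":")
            if (n >= 3 && ctx[3] == "unconfined_service_t")
                printf "%s %s %s\n", $3, $2, $9   # PID, UID, executable
        }'
}

# Constructed sample input (only the grafana line is taken from the report,
# with its argument list shortened).
sample_ps_output() {
    cat <<'EOF'
LABEL                           UID          PID    PPID  C STIME TTY          TIME CMD
system_u:system_r:init_t:s0 root 1 0 0 08:50 ? 00:00:01 /usr/lib/systemd/systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 1200 1 0 08:51 ? 00:00:00 /usr/sbin/sshd -D
system_u:system_r:unconfined_service_t:s0 grafana 40052 1 4 08:59 ? 00:00:00 /usr/sbin/grafana-server --config=/etc/grafana/grafana.ini
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 41000 40990 0 09:01 pts/0 00:00:00 -bash
EOF
}

# Prints offenders and returns 1 if any are found, 0 otherwise.
audit() {
    hits=$(find_unconfined_services)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Offline run on the constructed sample; live use: ps -efZ | audit
sample_ps_output | audit || echo "FAIL: services running as unconfined_service_t"
```

The match is on the exact type, so an interactive shell in unconfined_t (last sample line) is not reported.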