Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-53177

SELinux is preventing /usr/bin/mongod from search access on the directory net.

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: JavaScript
    • None
    • ALL

      SELinux is preventing /usr/bin/mongod from search access on the directory net.

       I have followed the installation steps 

      https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/

      [root@xxxxxxxxx]# semodule -l | grep mongo
      mongodb 1.1.0
      mongodb_cgroup_memory 1.0
      mongodb_proc_net 1.0

      OS:- Centos 7.9

       

      I saw one guy opened a same bug in RedHat also

      https://bugzilla.redhat.com/show_bug.cgi?id=1884810

       

      --------------------------------------------------------------------------------

      SELinux is preventing /usr/bin/mongod from search access on the directory net.

              • Plugin catchall (100. confidence) suggests **************************

      If you believe that mongod should be allowed search access on the net directory by default.
      Then you should report this as a bug.
      You can generate a local policy module to allow this access.
      Do
      allow this access for now by executing:

      1. ausearch -c 'mongod' --raw | audit2allow -M my-mongod
      2. semodule -i my-mongod.pp

      Additional Information:
      Source Context system_u:system_r:mongod_t:s0
      Target Context system_u:object_r:sysctl_net_t:s0
      Target Objects net [ dir ]
      Source mongod
      Source Path /usr/bin/mongod
      Port <Unknown>
      Host <Unknown>
      Source RPM Packages mongodb-org-server-4.4.1-1.el7.x86_64
      Target RPM Packages
      Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
      Selinux Enabled True
      Policy Type targeted
      Enforcing Mode Enforcing
      Host Name XXXXXXXXX
      Platform Linux XXXXXXX 3.10.0-1160.6.1.el7.x86_64 #1
      SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64
      Alert Count 1
      First Seen 2020-12-01 14:23:59 UTC
      Last Seen 2020-12-01 14:23:59 UTC
      Local ID 3f4e312c-a021-4bd7-9a3e-205b6367ec9c

      Raw Audit Messages
      type=AVC msg=audit(1606832639.771:108): avc: denied { search } for pid=1674 comm="mongod" name="net" dev="proc" ino=244 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0

      type=SYSCALL msg=audit(1606832639.771:108): arch=x86_64 syscall=stat success=no exit=EACCES a0=55f2684e18e0 a1=7ffca39f3c70 a2=7ffca39f3c70 a3=79732f636f72702f items=0 ppid=1670 pid=1674 auid=4294967295 uid=996 gid=995 euid=996 suid=996 fsuid=996 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)

      Hash: mongod,mongod_t,sysctl_net_t,dir,search

       

            Assignee:
            jonathan.streets@mongodb.com Jonathan Streets (Inactive)
            Reporter:
            aneesh.reghu@gmail.com Aneesh Reghu
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: