Type: Bug
Resolution: Done
Priority: Major - P3
Affects Version/s: None
Component/s: JavaScript
SELinux is preventing /usr/bin/mongod from search access on the directory net.
I have followed the installation steps:
https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/
[root@xxxxxxxxx]# semodule -l | grep mongo
mongodb 1.1.0
mongodb_cgroup_memory 1.0
mongodb_proc_net 1.0
OS: CentOS 7.9
I saw that one guy also opened the same bug with Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=1884810
--------------------------------------------------------------------------------
SELinux is preventing /usr/bin/mongod from search access on the directory net.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that mongod should be allowed search access on the net directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mongod' --raw | audit2allow -M my-mongod
# semodule -i my-mongod.pp
Additional Information:
Source Context system_u:system_r:mongod_t:s0
Target Context system_u:object_r:sysctl_net_t:s0
Target Objects net [ dir ]
Source mongod
Source Path /usr/bin/mongod
Port <Unknown>
Host <Unknown>
Source RPM Packages mongodb-org-server-4.4.1-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name XXXXXXXXX
Platform Linux XXXXXXX 3.10.0-1160.6.1.el7.x86_64 #1
SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64
Alert Count 1
First Seen 2020-12-01 14:23:59 UTC
Last Seen 2020-12-01 14:23:59 UTC
Local ID 3f4e312c-a021-4bd7-9a3e-205b6367ec9c
Raw Audit Messages
type=AVC msg=audit(1606832639.771:108): avc: denied { search } for pid=1674 comm="mongod" name="net" dev="proc" ino=244 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1606832639.771:108): arch=x86_64 syscall=stat success=no exit=EACCES a0=55f2684e18e0 a1=7ffca39f3c70 a2=7ffca39f3c70 a3=79732f636f72702f items=0 ppid=1670 pid=1674 auid=4294967295 uid=996 gid=995 euid=996 suid=996 fsuid=996 egid=995 sgid=995 fsgid=995 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)
Hash: mongod,mongod_t,sysctl_net_t,dir,search
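
An added example, not part of the original report or of any MongoDB or Red Hat tooling: a small Python parser that turns the AVC record above into the single type-enforcement rule it corresponds to, so the rules in a module generated with audit2allow can be compared against it before the module is loaded. The function names are hypothetical.

```python
import re

# AVC record copied from the Raw Audit Messages in this report.
AVC_LINE = (
    'type=AVC msg=audit(1606832639.771:108): avc: denied { search } for '
    'pid=1674 comm="mongod" name="net" dev="proc" ino=244 '
    'scontext=system_u:system_r:mongod_t:s0 '
    'tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denied permissions and key=value fields of one AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def context_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed SELinux context: %r" % context)
    return parts[2]


def allow_rule(avc):
    """Build the type-enforcement rule that would permit exactly this denial."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        context_type(avc["scontext"]), context_type(avc["tcontext"]),
        avc["tclass"], perm_text)


def summarize(lines):
    """Deduplicated rules over many audit lines; non-AVC lines are skipped."""
    return sorted({allow_rule(parse_avc(l)) for l in lines if AVC_RE.search(l)})


if __name__ == "__main__":
    for rule in summarize([AVC_LINE]):
        print(rule)
```

Because `ausearch -c 'mongod'` selects every logged denial for that command name, the generated `my-mongod.te` can contain more rules than the one derived here; anything beyond it deserves a separate look before `semodule -i`.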