-
Type: Bug
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: 6.0.11
-
Component/s: None
-
None
-
Environment:Mongo 6.0.11
Rocky Linux 9
-
ALL
Hi.
We are installing mongodb on a rocky linux 9.
We know that the mongodb-selinux github state that the RHEL9 are not supported.
Do you know if the RHEL9 SELinux will be supported and when ?
We got on denial on the /var/log/audit/audit.log:
type=AVC msg=audit(1697463671.995:1842): avc: denied { search } for pid=802 comm="ftdc" name="fs" dev="proc" ino=13458 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1697463671.995:1842): arch=c00000b7 syscall=43 success=no exit=-13 a0=aaaaf9a42680 a1=ffff9435c8a0 a2=ffff9dc7bb18 a3=0 items=0 ppid=1 pid=802 auid=4294967295 uid=990 gid=990 euid=990 suid=990 fsuid=990 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm="ftdc" exe="/usr/bin/mongod" subj=system_u:system_r:mongod_t:s0 key=(null)ARCH=aarch64 SYSCALL=statfs AUID="unset" UID="mongod" GID="mongod" EUID="mongod" SUID="mongod" FSUID="mongod" EGID="mongod" SGID="mongod" FSGID="mongod" type=PROCTITLE msg=audit(1697463671.995:1842): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66
The audit2allow utils command seems to indicate that mongod_t need the following:
#============= mongod_t ============== allow mongod_t sysctl_fs_t:dir search; allow mongod_t sysctl_net_t:dir search;
Similar problem as been found here and fixed but for RHEL 8.
Thanks in advance.
- is related to
-
SERVER-68892 MongoDB 6.0 + mongodb-selinux
- Closed