Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Duplicate
Priority: Major - P3
Fix Version/s: Server_Docs_20231030
Affects Version/s: 4.2.0, 4.4, 5.0.0
Component/s: manual, Server
Labels:
None

Epic Link:
DOCSP-11701
Story Points:
2

Per ~~SERVER-63179~~, the following instructions need to be updated so as to not cause excessive logging in the selinux audit log:

https://www.mongodb.com/docs/v4.2/tutorial/install-mongodb-on-red-hat/#permit-access-to-netstat-for-ftdc

The code in "Create a custom policy file mongodb_proc_net.te:" section should become:

cat > mongodb_proc_net.te <<EOF
module mongodb_proc_net 1.0;

require {
    type cgroup_t;
    type configfs_t;
    type file_type;
    type mongod_t;
    type proc_net_t;
    type sysctl_fs_t;
    type var_lib_nfs_t;

    class dir { search getattr };
    class file { getattr open read };
}

#============= mongod_t ==============
allow mongod_t cgroup_t:dir { search getattr } ;
allow mongod_t cgroup_t:file { getattr open read };
allow mongod_t configfs_t:dir getattr;
allow mongod_t file_type:dir { getattr search };
allow mongod_t file_type:file getattr;
allow mongod_t proc_net_t:file { open read };
allow mongod_t sysctl_fs_t:dir search;
allow mongod_t var_lib_nfs_t:dir search;
EOF

documents

SERVER-63179 Server requires new SELinux privileges

Closed

is related to

SERVER-63179 Server requires new SELinux privileges

Closed

related to

SERVER-66475 SELinux denials on sysctl_net_t

Closed

Assignee:: Sarah Simpers

Reporter:: Sergey Galtsev (Inactive)

Participants:: Ghulam Murtaza, Githook User, Sarah Simpers, Sergey Galtsev

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: Apr 11 2022 05:14:27 PM UTC

Updated:: Feb 28 2024 07:27:16 PM UTC

Resolved:: Feb 28 2024 07:26:14 PM UTC

Days since reply:: 8 weeks, 1 day ago

Details

Description

Attachments

Issue Links

Activity

People

Dates