  1. Documentation
  2. DOCS-15224

Update "Configure SELinux" instructions

Details

    • Task
    • Resolution: Unresolved
    • Major - P3
    • Server_Docs_20231030
    • 4.2.0, 4.4, 5.0.0
    • manual, Server
    • None

    Description

      Per SERVER-63179, the following instructions need to be updated so as to not cause excessive logging in the SELinux audit log:

      https://www.mongodb.com/docs/v4.2/tutorial/install-mongodb-on-red-hat/#permit-access-to-netstat-for-ftdc

      The code in the "Create a custom policy file mongodb_proc_net.te:" section should become:

      cat > mongodb_proc_net.te <<EOF
      module mongodb_proc_net 1.0;
       
      require {
          type cgroup_t;
          type configfs_t;
          type file_type;
          type mongod_t;
          type proc_net_t;
          type sysctl_fs_t;
          type var_lib_nfs_t;
       
          class dir { search getattr };
          class file { getattr open read };
      }
       
      #============= mongod_t ==============
      allow mongod_t cgroup_t:dir { search getattr } ;
      allow mongod_t cgroup_t:file { getattr open read };
      allow mongod_t configfs_t:dir getattr;
      allow mongod_t file_type:dir { getattr search };
      allow mongod_t file_type:file getattr;
      allow mongod_t proc_net_t:file { open read };
      allow mongod_t sysctl_fs_t:dir search;
      allow mongod_t var_lib_nfs_t:dir search;
      EOF
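
      To confirm on a test host that the updated rules account for the mongod_t denials filling the audit log, the check below compares AVC denial records against the allow rules listed above. It is an added example, not part of the ticket or of MongoDB's documentation; the audit lines are constructed samples, the function names are hypothetical, and rule targets are matched by literal name only, so the file_type rules are not expanded to the types they cover on a real system.

```python
import re
from collections import Counter

# allow rules copied from the mongodb_proc_net.te listing above
POLICY = """
allow mongod_t cgroup_t:dir { search getattr } ;
allow mongod_t cgroup_t:file { getattr open read };
allow mongod_t configfs_t:dir getattr;
allow mongod_t file_type:dir { getattr search };
allow mongod_t file_type:file getattr;
allow mongod_t proc_net_t:file { open read };
allow mongod_t sysctl_fs_t:dir search;
allow mongod_t var_lib_nfs_t:dir search;
"""

# Constructed audit.log sample lines (not taken from a real host)
AUDIT = """
type=AVC msg=audit(1700000000.101:501): avc:  denied  { search } for  pid=1201 comm="ftdc" name="nfs" dev="dm-0" ino=7001 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000001.102:502): avc:  denied  { read } for  pid=1201 comm="ftdc" name="netstat" dev="proc" ino=7002 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.103:503): avc:  denied  { read open } for  pid=1201 comm="ftdc" name="memory.stat" dev="cgroup" ino=7003 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.104:504): avc:  denied  { getattr } for  pid=1201 comm="ftdc" name="fs" dev="proc" ino=7004 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000004.105:505): avc:  denied  { getattr } for  pid=1201 comm="ftdc" name="fs" dev="proc" ino=7004 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000005.106:506): avc:  denied  { read } for  pid=1300 comm="httpd" name="netstat" dev="proc" ino=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
"""

ALLOW_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=[^:]+:[^:]+:(\w+):\S*"
    r"\s+tcontext=[^:]+:[^:]+:(\w+):\S*\s+tclass=(\w+)")

def parse_allow_rules(te_text):
    """Map (source type, target type, class) -> set of allowed permissions."""
    rules = {}
    for src, tgt, cls, braced, single in ALLOW_RE.findall(te_text):
        rules.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return rules

def uncovered_denials(te_text, audit_text, domain="mongod_t"):
    """Count denials for `domain` that no literal allow rule in te_text permits."""
    rules = parse_allow_rules(te_text)
    missing = Counter()
    for perms, src, tgt, cls in AVC_RE.findall(audit_text):
        if src != domain:
            continue  # only the mongod domain is relevant to this policy
        for perm in perms.split():
            if perm not in rules.get((src, tgt, cls), set()):
                missing[(tgt, cls, perm)] += 1
    return missing

if __name__ == "__main__":
    for (tgt, cls, perm), n in uncovered_denials(POLICY, AUDIT).items():
        print(f"not covered: mongod_t -> {tgt}:{cls} {perm} ({n} records)")
```

      Any entry the check reports is a denial that would keep being logged after the module is loaded.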
      

          People

            Unassigned
            sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)