Type: Task
Resolution: Duplicate
Priority: Major - P3
Affects Version/s: 4.2.0, 4.4, 5.0.0
Labels: None
Per SERVER-63179, the following instructions need to be updated so as to not cause excessive logging in the SELinux audit log:
The code in the "Create a custom policy file mongodb_proc_net.te:" section should become:
cat > mongodb_proc_net.te <<EOF
module mongodb_proc_net 1.0;

require {
    type cgroup_t;
    type configfs_t;
    type file_type;
    type mongod_t;
    type proc_net_t;
    type sysctl_fs_t;
    type var_lib_nfs_t;
    class dir { search getattr };
    class file { getattr open read };
}

#============= mongod_t ==============
allow mongod_t cgroup_t:dir { search getattr };
allow mongod_t cgroup_t:file { getattr open read };
allow mongod_t configfs_t:dir getattr;
allow mongod_t file_type:dir { getattr search };
allow mongod_t file_type:file getattr;
allow mongod_t proc_net_t:file { open read };
allow mongod_t sysctl_fs_t:dir search;
allow mongod_t var_lib_nfs_t:dir search;
EOF
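To see which mongod_t denials would still reach the audit log with this policy loaded, the allow rules can be compared against AVC records. The following is an added example, not part of the ticket or of MongoDB's documentation; the audit records are constructed, the function names are hypothetical, and target types are matched literally, so `file_type` is not expanded to any types it may stand for on a given system.

```python
import re

# Allow rules copied from the policy in this ticket.
POLICY = """
allow mongod_t cgroup_t:dir { search getattr };
allow mongod_t cgroup_t:file { getattr open read };
allow mongod_t configfs_t:dir getattr;
allow mongod_t file_type:dir { getattr search };
allow mongod_t file_type:file getattr;
allow mongod_t proc_net_t:file { open read };
allow mongod_t sysctl_fs_t:dir search;
allow mongod_t var_lib_nfs_t:dir search;
"""

# Constructed audit.log records for illustration (not real log data).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1650000000.101:501): avc:  denied  { open read } for  pid=1234 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
type=AVC msg=audit(1650000000.102:502): avc:  denied  { search } for  pid=1234 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1650000000.103:503): avc:  denied  { getattr write } for  pid=1234 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0
type=AVC msg=audit(1650000000.104:504): avc:  denied  { read } for  pid=999 comm="other" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
"""

ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=[^:\s]+:[^:\s]+:(\w+)"
    r".*?tcontext=[^:\s]+:[^:\s]+:(\w+).*?tclass=(\w+)")

def parse_allow(policy):
    """Map (source, target, class) -> set of permissions granted."""
    rules = {}
    for src, tgt, cls, braced, single in ALLOW_RE.findall(policy):
        rules.setdefault((src, tgt, cls), set()).update((braced or single).split())
    return rules

def uncovered(audit, rules, domain="mongod_t"):
    """Return sorted (target, class, perm) denials for `domain` with no matching rule."""
    missing = set()
    for line in audit.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group(2) != domain:
            continue  # not an AVC denial, or a different source domain
        perms, _, tgt, cls = m.groups()
        granted = rules.get((domain, tgt, cls), set())
        missing.update((tgt, cls, p) for p in perms.split() if p not in granted)
    return sorted(missing)

if __name__ == "__main__":
    for tgt, cls, perm in uncovered(SAMPLE_AUDIT, parse_allow(POLICY)):
        print(f"not covered: mongod_t -> {tgt}:{cls} {perm}")
```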
documents: SERVER-63179 Server requires new SELinux privileges (Closed)
is related to: SERVER-63179 Server requires new SELinux privileges (Closed)
related to: SERVER-66475 SELinux denials on sysctl_net_t (Closed)