Details
Epic
Resolution: Won't Do
Major - P3
Not Needed
Description
Doc changes: document the official SELinux policy once we have created it with this project.
Description of Linked Ticket
Summary
Create an official SELinux policy that is shipped with RHEL RPMs to eliminate customer issues running MongoDB with SELinux.
Motivation
Security-Enhanced Linux (SELinux) was developed by the United States National Security Agency to support a fine-grained set of access control security policies for Linux. Among the officially supported distros, it is only enabled by default in Red Hat Enterprise Linux (RHEL).
SELinux is a source of installation pain for MongoDB customers and technical support when customers run with SELinux enabled (i.e. enforcing mode). This is because RHEL ships an out-of-date SELinux policy that does not give mongod enough permissions to run. The policy is out of date because it is not maintained by MongoDB. As a result, it does not adapt to changes in MongoDB (like FTDC reading from /proc) and it is not tested with the enterprise version (LDAP, Kerberos, saslauthd, SNMP, etc.).