Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-1512

Investigate changes in PM-1484: Create official SE Linux Profile

    XMLWordPrintableJSON

Details

    • Icon: Epic Epic
    • Resolution: Won't Do
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • Not Needed
    • Hide

      Doc changes: document the official SELinux policy once we have created it with this project.

      Major points covered in README at https://github.com/mongodb/mongodb-selinux

      Show
      Doc changes: document the official SELinux policy once we have created it with this project. Major points covered in README at https://github.com/mongodb/mongodb-selinux

    Description

      Downstream Change Summary

      Doc changes: document the official SELinux policy once we have created it with this project.

      Description of Linked Ticket

      Epic Summary

      Summary

      Create an official SELinux policy that is shipped with RHEL RPMs to eliminate customer issues running MongoDB with SELinux.

      Motivation

      Security-Enhanced Linux (SELinux) was developed by the United States National Security Agency to support a fine-grain set of access control security policies for Linux. Among the officially supported distros, it is only enabled by default in Redhat Enterprise Linux (RHEL).

      SELinux is a source of installation pain for MongoDB customers and technical support when customers run with SELinux enabled (i.e. enforcing mode). This is because RHEL ships an out of date SELinux policy that does not give mongod enough permissions to run. The policy is out of date because it is not maintained by MongoDB. As a result, it does not adapt to changes in MongoDB (like FTDC reading from /proc) and it is not tested with the enterprise version (LDAP, Kerberos, saslauthd, snmp, etc).

      Documentation

      Scope Document
      Technical Design Document

      Attachments

        Activity

          People

            Unassigned Unassigned
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: