Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18238

Server crashes on $where : "Array.isArray(this....)" request when SELinux is enabled

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • 2.6.9
    • None
    • None
    • ALL

    Description

      Regardless of the collection and the DB, the mongod service crashes or gets terminated.

      The Stack Trace of the process has no information on the issue as well as MongoDB logs.

      db.Collection.find( { $where : "Array.isArray(this.resources.resource)" } );
      

      SELinux reports that it prevented mongod from using the execmem...

      SELinux is preventing /usr/bin/mongod from using the 'execmem' accesses on a process.
       
      *****  Plugin catchall (100. confidence) suggests   **************************
       
      If you believe that mongod should be allowed execmem access on processes labeled mongod_t by default.
      Then you should report this as a bug.
      You can generate a local policy module to allow this access.
      Do
      allow this access for now by executing:
      # grep mongod /var/log/audit/audit.log | audit2allow -M mypol
      # semodule -i mypol.pp
       
      Additional Information:
      Source Context                system_u:system_r:mongod_t:s0
      Target Context                system_u:system_r:mongod_t:s0
      Target Objects                Unknown [ process ]
      Source                        mongod
      Source Path                   /usr/bin/mongod
      Port                          <Unknown>
      Host                          (removed)
      Source RPM Packages           mongodb-org-server-2.6.9-1.x86_64
      Target RPM Packages           
      Policy RPM                    selinux-policy-3.13.1-23.el7.noarch
      Selinux Enabled               True
      Policy Type                   targeted
      Enforcing Mode                Enforcing
      Host Name                     (removed)
      Platform                      Linux (removed) 3.10.0-229.1.2.el7.x86_64 #1 SMP
                                    Fri Mar 27 03:04:26 UTC 2015 x86_64 x86_64
      Alert Count                   14
      First Seen                    2015-04-24 16:21:08 BST
      Last Seen                     2015-04-28 16:03:35 BST
      Local ID                      ba73681d-8957-4859-94c2-87547ed45c1f
       
      Raw Audit Messages
      type=AVC msg=audit(1430233415.423:1705): avc:  denied  { execmem } for  pid=49630 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:system_r:mongod_t:s0 tclass=process
       
       
      type=SYSCALL msg=audit(1430233415.423:1705): arch=x86_64 syscall=mmap success=no exit=EACCES a0=2359dc4b5000 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=49630 auid=4294967295 uid=992 gid=990 euid=992 suid=992 fsuid=992 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)
       
      Hash: mongod,mongod_t,mongod_t,process,execmem
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            olegschmidt Oleg Schmidt
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: