Details
- Bug
- Resolution: Done
- Major - P3
- None
- 2.6.9
- None
- None
- ALL
Description
Regardless of the collection and the DB, the mongod service crashes or gets terminated.
Neither the stack trace of the process nor the MongoDB logs contain any information on the issue.
db.Collection.find( { $where : "Array.isArray(this.resources.resource)" } );
SELinux reports that it prevented mongod from using the execmem...
SELinux is preventing /usr/bin/mongod from using the 'execmem' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that mongod should be allowed execmem access on processes labeled mongod_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mongod /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:mongod_t:s0
Target Context system_u:system_r:mongod_t:s0
Target Objects Unknown [ process ]
Source mongod
Source Path /usr/bin/mongod
Port <Unknown>
Host (removed)
Source RPM Packages mongodb-org-server-2.6.9-1.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-23.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-229.1.2.el7.x86_64 #1 SMP Fri Mar 27 03:04:26 UTC 2015 x86_64 x86_64
Alert Count 14
First Seen 2015-04-24 16:21:08 BST
Last Seen 2015-04-28 16:03:35 BST
Local ID ba73681d-8957-4859-94c2-87547ed45c1f

Raw Audit Messages
type=AVC msg=audit(1430233415.423:1705): avc: denied { execmem } for pid=49630 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:system_r:mongod_t:s0 tclass=process

type=SYSCALL msg=audit(1430233415.423:1705): arch=x86_64 syscall=mmap success=no exit=EACCES a0=2359dc4b5000 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=49630 auid=4294967295 uid=992 gid=990 euid=992 suid=992 fsuid=992 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)

Hash: mongod,mongod_t,mongod_t,process,execmem
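The raw audit messages above can be read more closely before deciding whether to load a local policy module. The following Python is an added example, not part of the original report or of MongoDB's code: it pairs the AVC and SYSCALL records by audit event ID and decodes the failed mmap arguments. The function names are made up for this illustration, and the SYSCALL record is trimmed to the fields the code uses.

```python
import re

# The two raw audit records from the report (SYSCALL record trimmed to the fields used here).
AVC = ('type=AVC msg=audit(1430233415.423:1705): avc: denied { execmem } for pid=49630 '
       'comm="mongod" scontext=system_u:system_r:mongod_t:s0 '
       'tcontext=system_u:system_r:mongod_t:s0 tclass=process')
SYSCALL = ('type=SYSCALL msg=audit(1430233415.423:1705): arch=x86_64 syscall=mmap '
           'success=no exit=EACCES a0=2359dc4b5000 a1=1000 a2=7 a3=22 items=0 ppid=1 '
           'pid=49630 comm=mongod exe=/usr/bin/mongod key=(null)')

# Linux x86_64 constants from <sys/mman.h>.
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED", 0x20: "MAP_ANONYMOUS"}

def event_id(record):
    """Return the 'timestamp:serial' pair that ties records of one audit event together."""
    m = re.search(r"msg=audit\(([\d.]+:\d+)\)", record)
    return m.group(1) if m else None

def decode(value, table):
    """Name the known bits set in value; report leftover bits as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    if value & ~known:
        names.append(hex(value & ~known))
    return names

def explain(avc, syscall):
    """Correlate an AVC denial with its SYSCALL record and decode the mmap request."""
    if event_id(avc) is None or event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    perms = re.search(r"\{ ([^}]*) \}", avc).group(1).split()
    f = dict(re.findall(r"(\w+)=(\S+)", syscall))
    if f.get("syscall") != "mmap":
        raise ValueError("only mmap is decoded here")
    # auditd prints a0..a3 in hexadecimal without a 0x prefix.
    length, prot, flags = (int(f[k], 16) for k in ("a1", "a2", "a3"))
    return {
        "denied": perms,
        "length": length,
        "prot": decode(prot, PROT),
        "flags": decode(flags, MAP),
        # Writable and executable at once: the W+X pattern execmem exists to stop.
        "writable_and_executable": bool(prot & 0x2) and bool(prot & 0x4),
        "anonymous": bool(flags & 0x20),
    }

if __name__ == "__main__":
    print(explain(AVC, SYSCALL))
```

The decoded request is a 4096-byte private anonymous mapping that is readable, writable and executable, which is the kind of allocation a JavaScript JIT makes and fits the $where query that triggers the denial.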