[DRIVERS-1512] Investigate changes in PM-1484: Create official SE Linux Profile Created: 19/Jan/21  Updated: 27/May/22  Resolved: 20/Jan/21

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Driver Changes: Not Needed
Server Compat: 5.1
Upstream Changes Summary:

Doc changes: document the official SELinux policy once we have created it with this project.

Major points covered in README at https://github.com/mongodb/mongodb-selinux


 Description   
Downstream Change Summary

Doc changes: document the official SELinux policy once we have created it with this project.

Description of Linked Ticket

Epic Summary

Summary

Create an official SELinux policy that is shipped with RHEL RPMs to eliminate customer issues running MongoDB with SELinux.

Motivation

Security-Enhanced Linux (SELinux) was developed by the United States National Security Agency to support a fine-grain set of access control security policies for Linux. Among the officially supported distros, it is only enabled by default in Redhat Enterprise Linux (RHEL).

SELinux is a source of installation pain for MongoDB customers and technical support when customers run with SELinux enabled (i.e. enforcing mode). This is because RHEL ships an out of date SELinux policy that does not give mongod enough permissions to run. The policy is out of date because it is not maintained by MongoDB. As a result, it does not adapt to changes in MongoDB (like FTDC reading from /proc) and it is not tested with the enterprise version (LDAP, Kerberos, saslauthd, snmp, etc).

Documentation

Scope Document
Technical Design Document



 Comments   
Comment by Alexander Golin (Inactive) [ 20/Jan/21 ]

Triage: No work for drivers

Generated at Thu Feb 08 08:23:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.