SELinux is preventing /usr/bin/mongod from using the 'execmem' accesses on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that mongod should be allowed execmem access on processes labeled mongod_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mongod /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:mongod_t:s0
Target Context                system_u:system_r:mongod_t:s0
Target Objects                Unknown [ process ]
Source                        mongod
Source Path                   /usr/bin/mongod
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           mongodb-org-server-2.6.9-1.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-23.el7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.0-229.1.2.el7.x86_64 #1 SMP
                              Fri Mar 27 03:04:26 UTC 2015 x86_64 x86_64
Alert Count                   14
First Seen                    2015-04-24 16:21:08 BST
Last Seen                     2015-04-28 16:03:35 BST
Local ID                      ba73681d-8957-4859-94c2-87547ed45c1f

Raw Audit Messages
type=AVC msg=audit(1430233415.423:1705): avc: denied { execmem } for pid=49630 comm="mongod" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:system_r:mongod_t:s0 tclass=process

type=SYSCALL msg=audit(1430233415.423:1705): arch=x86_64 syscall=mmap success=no exit=EACCES a0=2359dc4b5000 a1=1000 a2=7 a3=22 items=0 ppid=1 pid=49630 auid=4294967295 uid=992 gid=990 euid=992 suid=992 fsuid=992 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)

Hash: mongod,mongod_t,mongod_t,process,execmem