[SERVER-56540] SELINUX: manually test typical mongod on a RHEL8 machine, identify gaps Created: 30/Apr/21  Updated: 01/Jul/21  Resolved: 01/Jul/21

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Sergey Galtsev (Inactive) Assignee: Sergey Galtsev (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Sprint: Security 2021-05-31, Security 2021-06-28, Security 2021-07-12
Participants:

 Description   

This is to determine what does or doesn't work on actual installation



 Comments   
Comment by Sergey Galtsev (Inactive) [ 25/Jun/21 ]

Note: most jstests in jstest/core work as-is on rpm-installed mongod on selinux

Comment by Sergey Galtsev (Inactive) [ 25/Jun/21 ]

Note: simple_snmpwalk.js is designed to have mongod listen to udp:localhost:1161, which does not by default belong to SNMP in reference RHEL8 SELinux. However, tcp:localhost:1161 does. I shall be changing test to use tcp, this will avoid having to reconfigure default SELinux ports

Comment by Sergey Galtsev (Inactive) [ 25/Jun/21 ]

Note: SNMP must store agentx in /var/agentx/master, not /tmp/agentx/master as described in https://docs.mongodb.com/manual/tutorial/monitor-with-snmp/

Generated at Thu Feb 08 05:39:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.