[SERVER-66475] SELinux denials on sysctl_net_t Created: 16/May/22 Updated: 10/Jun/22 Resolved: 16/May/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 5.0.8 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | INVADE International Ltd | Assignee: | Sergey Galtsev (Inactive) |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Operating System: | ALL |
| Steps To Reproduce: | Install and configure MongoDB as documented. Start the mongod service. |
| Sprint: | Security 2022-05-30 |
| Participants: | |
| Description |
|
Hi. Even following the latest documentation updates in https://jira.mongodb.org/browse/DOCS-15224, I still don't see the SELinux rules that I added to https://jira.mongodb.org/browse/SERVER-53177 in my comment https://jira.mongodb.org/browse/SERVER-53177?focusedCommentId=3607295&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3607295 in the latest documentation (https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat/).
We still get denials reported on: every time the mongod service is started. We are running MongoDB 5.0.8 on Rocky Linux 8. |
| Comments |
| Comment by Sergey Galtsev (Inactive) [ 17/May/22 ] | |
|
third.line@invade.net, if these denials are causing production issues for you, please open a HELP ticket. | |
| Comment by INVADE International Ltd [ 17/May/22 ] | |
| |
| Comment by Sergey Galtsev (Inactive) [ 16/May/22 ] | |
With that said, the service started successfully, and that fix is not required to run mongod.
Since 5.0 is the last version for which an official SELinux policy has not been rolled out, I don't think this ticket warrants an action to be taken. | |
| Comment by Edwin Zhou [ 16/May/22 ] | |
|
Thank you for your report. I will pass this along to the Security team to investigate making additional access changes for SELinux. Best, |