[SERVER-68892] MongoDB 6.0 + mongodb-selinux Created: 17/Aug/22 Updated: 16/Oct/23 Resolved: 30/Aug/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | INVADE International Ltd | Assignee: | Sergey Galtsev (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | selinux | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Operating System: | ALL | ||||||||
| Steps To Reproduce: | Upgrade MongoDB 5.0 to 6.0 as per the documentation. |
||||||||
| Sprint: | Security 2022-08-22, Security 2022-09-05 | ||||||||
| Participants: | |||||||||
| Description |
|
Hi. This relates to https://www.mongodb.com/community/forums/t/mongodb-6-0-and-selinux/180756.
We are testing an upgrade of MongoDB 5.0 to MongoDB 6.0 on Rocky Linux 8, using the revised SELinux instructions: https://www.mongodb.com/docs/v6.0/tutorial/install-mongodb-on-red-hat/#configure-selinux
I can't see anything in mongodb-selinux that grants:
like the old "mongodb_proc_net" policy used to.
Should this be included (i.e. it's a bug in the policy), or do we need to manually add a policy ourselves?
Thanks. |
| Comments |
| Comment by Sergey Galtsev (Inactive) [ 30/Aug/22 ] |
|
The policy was updated. Thanks third.line@invade.net for testing the change |
| Comment by INVADE International Ltd [ 30/Aug/22 ] |
|
Hi Sergey. We have tested the fix and can confirm that there have been no SELinux denials since. Many thanks. |
| Comment by INVADE International Ltd [ 30/Aug/22 ] |
|
Hi Sergey. I will get back to you with the results of our testing. Might be a couple of days. Thanks. |
| Comment by Sergey Galtsev (Inactive) [ 26/Aug/22 ] |
|
Hi third.line@invade.net! Thanks for reporting the bug. Do you mind testing the fix? Please find the corrected policy in https://github.com/mongodb/mongodb-selinux/tree/sergev.galtsev/SERVER-68892 |