[SERVER-82215] MongoDB 6.0 + RHEL9 SELinux Created: 16/Oct/23 Updated: 05/Dec/23 |
|
| Status: | Needs Verification |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 6.0.11 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Kyllian Chartrain | Assignee: | Noopur Gupta |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Environment: | Mongo 6.0.11 |
| Operating System: | ALL |
| Description |
|
Hi. We are installing MongoDB on Rocky Linux 9. We know that the mongodb-selinux GitHub states that RHEL9 is not supported. Do you know if RHEL9 SELinux will be supported, and when? We got one denial in /var/log/audit/audit.log:
The audit2allow utils command seems to indicate that mongod_t needs the following:
A similar problem has been found here and fixed, but for RHEL 8. Thanks in advance.
|
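For triaging denials like the one described above, this added example (not part of the original ticket or of MongoDB's tooling) groups AVC denials for the `mongod_t` domain from audit.log text and renders them in the `allow` form that audit2allow prints. The sample log lines and the `example_*_t` target types are constructed; they are not the denial reported in this ticket.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (placeholders, not the denials from this ticket).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1697450000.123:456): avc:  denied  { search } for  pid=1234 comm="mongod" name="example_dir" dev="dm-0" ino=100 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1697450001.456:457): avc:  denied  { read open } for  pid=1234 comm="mongod" path="/example/file" dev="dm-0" ino=101 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:example_b_t:s0 tclass=file permissive=0
type=AVC msg=audit(1697450002.789:458): avc:  denied  { search } for  pid=1234 comm="mongod" name="example_dir" dev="dm-0" ino=100 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1697450003.000:459): avc:  denied  { read } for  pid=99 comm="other" name="x" dev="dm-0" ino=5 scontext=system_u:system_r:example_other_t:s0 tcontext=system_u:object_r:example_a_t:s0 tclass=file permissive=0
type=SERVICE_START msg=audit(1697450004.000:460): pid=1 uid=0 msg='unit=mongod comm="systemd" res=failed'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    # An SELinux context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def summarize_denials(log_text, source_type="mongod_t"):
    """Group denied permissions by (target type, class) for one source domain."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or selinux_type(m["scon"]) != source_type:
            continue  # not an AVC denial, or a denial for another domain
        needed[(selinux_type(m["tcon"]), m["tclass"])].update(m["perms"].split())
    return {k: sorted(v) for k, v in needed.items()}

def as_allow_rules(summary, source_type="mongod_t"):
    """Render the summary in the 'allow' syntax audit2allow prints, for review only."""
    rules = []
    for (ttype, tclass), perms in sorted(summary.items()):
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {source_type} {ttype}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

Reviewing the grouped rules before loading any generated module shows whether a denial points at a missing rule in the packaged policy or at a mislabeled file that a relabel would fix.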
| Comments |
| Comment by Kyllian Chartrain [ 27/Oct/23 ] | |||
|
Hi Noopur, I don't have any mongod log since the restart call is blocked by SELinux. Without the policy, the mongod reload works as intended.
As shown in the screenshot named first-reload, the default mongo policy is installed and the restart works as intended. Once the mongo policy is installed manually, the reload fails due to an access denied error, as shown in the screenshot named second-reload.
Best regards, Kyllian Chartrain. | |||
| Comment by Noopur Gupta [ 25/Oct/23 ] | |||
|
Hi Kyllian, Can you share mongod logs for this restart failure? Also, can you share the commands you used to run the mongod first (i.e. before restart)?
| |||
| Comment by Kyllian Chartrain [ 25/Oct/23 ] | |||
|
Hi Noopur, It seems that the SEPolicy is good if the mongodb service is up and running but fails to restart with:
The audit2allow command indicates:
Best regards, Kyllian.
| |||
| Comment by Kyllian Chartrain [ 24/Oct/23 ] | |||
|
Hi Noopur, Installing the SELinux policy directly from GitHub worked. But the SELinux policy installed by default using mongod alone has the issue. Does it mean that the default policy should be replaced by the one present on GitHub?
Best regards, Kyllian. | |||
| Comment by Noopur Gupta [ 17/Oct/23 ] | |||
|
Hi Kyllian, According to https://www.mongodb.com/docs/manual/tutorial/install-mongodb-enterprise-on-red-hat/#configure-selinux SELinux is supported in all versions RHEL7 or later. Let us know if you have further questions. |