[SERVER-9248] MongoDB crash on startup on linux system when unable to check readahead due to limited permissions Created: 04/Apr/13 Updated: 11/Jul/16 Resolved: 07/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Usability |
| Affects Version/s: | 2.4.1 |
| Fix Version/s: | 2.4.10, 2.5.3 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Florent Quillien | Assignee: | Mathias Stearn |
| Resolution: | Done | Votes: | 4 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Gentoo Linux + kernel 3.7.5 + grsec with GRKERNSEC_SYSFS_RESTRICT |
||
| Attachments: |
|
| Backwards Compatibility: | Fully Compatible |
| Operating System: | Linux |
| Steps To Reproduce: |
|
| Participants: |
| Description |
|
Issue Status as of March 31, 2014

ISSUE SUMMARY
MongoDB checks the readahead settings on startup from the /sys/dev/block directory. If the permissions to these files are restricted so that MongoDB cannot open them, it terminates with an exception.

USER IMPACT
Some systems with heightened security settings (for example hardened Gentoo with grSecurity extension) restrict access to the required file by default.

SOLUTION
The solution is to ignore any error due to restricted file permissions and skip the readahead check in such a case.

WORKAROUNDS
Ensure that the user running the mongod process has read access to the files under /sys/dev/block.

AFFECTED VERSIONS
All release versions from 2.4.0 to 2.4.9 are affected.

PATCHES
The fix is included in the 2.4.10 production release and the 2.5.3 development version, which will evolve into the 2.6.0 production release.

Original Description
MongoDB tries to check if the file '/sys/dev/block/x:x/queue/read_ahead_kb' exists on startup. When the MongoDB user does not have permission to access a parent directory, it throws an exception and stops the server:

Code:
GRSEC sysfs restrict results:
MongoDB log file:
Thu Apr 4 22:09:42.701 [initandlisten] exception in initAndListen std::exception: boost::filesystem::status: Permission denied: "/sys/dev/block/253:1/queue/read_ahead_kb", terminating
Kernel configuration: |
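The behaviour described under SOLUTION, as an added example that is not MongoDB's own code: an advisory probe that reports a permission error as a result value, so the caller can log it and continue startup instead of terminating. The names `probeReadahead`, `Probe`, `ProbeResult` and `makeFixture` are hypothetical, the temporary directory is a constructed stand-in for /sys/dev/block/x:x/queue, and treating a missing file as skippable is an assumption.

```cpp
// Added example, not MongoDB source: a readahead probe that cannot abort startup.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

enum class Probe { Ok, Skipped, Failed };
struct ProbeResult { Probe status; long kb; int err; };

// Hypothetical helper: read a read_ahead_kb-style file; reports errors, never throws.
ProbeResult probeReadahead(const std::string& path) {
    std::FILE* f = std::fopen(path.c_str(), "r");
    if (!f) {
        int e = errno;
        // EACCES/EPERM: sysfs is restricted (e.g. GRKERNSEC_SYSFS_RESTRICT).
        // ENOENT/ENOTDIR: attribute absent (assumption: treated as skippable too).
        bool benign = e == EACCES || e == EPERM || e == ENOENT || e == ENOTDIR;
        return {benign ? Probe::Skipped : Probe::Failed, -1, e};
    }
    long kb = -1;
    bool parsed = std::fscanf(f, "%ld", &kb) == 1 && kb >= 0;
    std::fclose(f);
    if (!parsed) return {Probe::Failed, -1, EINVAL};
    return {Probe::Ok, kb, 0};
}

// Constructed fixture: a temp directory standing in for /sys/dev/block/x:x/queue.
std::string makeFixture(const char* contents) {
    char tmpl[] = "/tmp/readahead-XXXXXX";
    const char* dir = mkdtemp(tmpl);
    if (!dir) return "";
    std::string file = std::string(dir) + "/read_ahead_kb";
    if (std::FILE* f = std::fopen(file.c_str(), "w")) { std::fputs(contents, f); std::fclose(f); }
    return file;
}

int main() {
    std::string file = makeFixture("128\n");
    std::string dir = file.substr(0, file.rfind('/'));
    ProbeResult readable = probeReadahead(file);
    chmod(dir.c_str(), 0);      // same effect as the ticket's `chmod o-x` test (root bypasses it)
    ProbeResult denied = probeReadahead(file);
    chmod(dir.c_str(), 0700);
    std::printf("readable:   status=%d kb=%ld\n", (int)readable.status, readable.kb);
    std::printf("restricted: status=%d errno=%d, startup continues\n", (int)denied.status, denied.err);
    unlink(file.c_str()); rmdir(dir.c_str());
    return 0;
}
```

A caller would log `Skipped` or `Failed` and keep starting; only `Ok` carries a value worth comparing against a readahead limit.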
| Comments |
| Comment by Githook User [ 09/Mar/14 ] |
|
Author: {u'name': u'Dan Pasette', u'email': u'dan@10mongodb.com'} Message: |
| Comment by Githook User [ 09/Mar/14 ] |
|
Author: {u'name': u'Dan Pasette', u'email': u'dan@10mongodb.com'} Message: To test, run sudo chmod o-x /sys/dev/block |
| Comment by auto [ 07/Oct/13 ] |
|
Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: To test, run sudo chmod o-x /sys/dev/block |
| Comment by Eliot Horowitz (Inactive) [ 04/Oct/13 ] |
|
If we do not have access to the file, we should just ignore. |
| Comment by Jakub Jirutka [ 04/Oct/13 ] |
|
I’m forced to stay on <2.4 due to this issue. Please make this check optional! |
| Comment by Vladimir Muzhilov [ 09/Jul/13 ] |
|
Confirmed on 3.2.11-hardened Gentoo. |
| Comment by Kirill Elagin [ 04/May/13 ] |
|
This check should definitely be optional. |
| Comment by Vitaliy [ 03/May/13 ] |
|
I confirm this bug. 3.8.3-hardened Gentoo and recommended grsecurity settings. It seems there is another way, through RBAC I think. I'll try to figure this out. |