<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:58:43 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-63808] MongoDB and SELinux issues on CentOS 7</title>
                <link>https://jira.mongodb.org/browse/SERVER-63808</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;h3&gt;&lt;a name=&quot;ProblemStatement%2FRationale&quot;&gt;&lt;/a&gt;&lt;b&gt;Problem Statement/Rationale&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;&lt;font color=&quot;#505f79&quot;&gt;I&apos;m running MongoDB 5.0 on a CentOS 7 virtual machine. SELinux is enabled and currently set to enforcing. SELinux is preventing Mongo from accessing multiple files and directories. As a result, /var/log/ is filling quite fast with messages. Attached, you can see my custom .te policy I put in place and compiled. This took care of most of the issues, so the fill up has been brought to a crawl, thankfully. But, as per the other screenshot, you can see that SELinux is still preventing Mongo on a couple of things, specifically /proc/&amp;lt;pid&amp;gt;/net/snmp and /proc/&amp;lt;pid&amp;gt;/net/netstat.&lt;/font&gt;&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;StepstoReproduce&quot;&gt;&lt;/a&gt;&lt;b&gt;Steps to Reproduce&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;&lt;font color=&quot;#505f79&quot;&gt;Establish a server with the same OS and version of Mongo with SELinux enabled. You should be able to see the same errors being produced in /var/log/messages.&lt;/font&gt;&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;ExpectedResults&quot;&gt;&lt;/a&gt;&lt;b&gt;Expected Results&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;&lt;font color=&quot;#505f79&quot;&gt;I would like to not have SELinux be blocking these things for Mongo any longer. I don&apos;t want /var/log/messages filling up with these types of alerts any longer.&lt;/font&gt;&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;ActualResults&quot;&gt;&lt;/a&gt;&lt;b&gt;Actual Results&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;/var/log/messages is filling up with SELinux alerts that are telling me that SELinux is preventing ftdc from open access on the specified files above.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Additional Notes&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;font color=&quot;#505f79&quot;&gt;I&apos;m thinking that if we added the getattr and open properties to the proc_net_t line in my .te policy file (screenshot attached), this would resolve it. But, we do not want Mongo to be able to do those things, it is too permissive.&lt;/font&gt;&lt;/p&gt;</description>
                <environment>MongoDB 5.0 and CentOS 7</environment>
        <key id="1985800">SERVER-63808</key>
            <summary>MongoDB and SELinux issues on CentOS 7</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="chris.kelly@mongodb.com">Chris Kelly</assignee>
                                    <reporter username="cbator@powertrain.com">Chris Bator</reporter>
                        <labels>
                    </labels>
                <created>Thu, 17 Feb 2022 17:59:07 +0000</created>
                <updated>Wed, 22 Jun 2022 17:52:01 +0000</updated>
                            <resolved>Mon, 14 Mar 2022 21:10:56 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="4411269" author="JIRAUSER1265262" created="Mon, 14 Mar 2022 20:26:02 +0000"  >&lt;p&gt;Hi Chris,&lt;/p&gt;

&lt;p&gt;It appears we are tracking an issue related to SELinux privileges attributed to ftdc in&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-63179&quot; title=&quot;Server requires new SELinux privileges&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-63179&quot;&gt;&lt;del&gt;SERVER-63179&lt;/del&gt;&lt;/a&gt;. I am going to close this ticket, but you can keep an eye on that one for further information.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
 Christopher&lt;/p&gt;

</comment>
                            <comment id="4386773" author="JIRAUSER1269867" created="Wed, 2 Mar 2022 16:32:45 +0000"  >&lt;p&gt;Hi Dmitry,&lt;/p&gt;

&lt;p&gt;I had tried that originally, but was still getting a massive amount of messages about SELinux blocking Mongo from accessing certain things. I then created my own custom .te policy and compiled that. We are still left with some things that SELinux is blocking.&lt;/p&gt;

&lt;p&gt;Thanks,&lt;/p&gt;

&lt;p&gt;Chris&lt;/p&gt;</comment>
                            <comment id="4379870" author="dmitry.agranat" created="Mon, 28 Feb 2022 11:00:02 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=cbator%40powertrain.com&quot; class=&quot;user-hover&quot; rel=&quot;cbator@powertrain.com&quot;&gt;cbator@powertrain.com&lt;/a&gt;, does &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/#configure-selinux&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this documentation link from our Production Notes&lt;/a&gt; help to address the reported issue?&lt;/p&gt;</comment>
                            <comment id="4372505" author="JIRAUSER1269867" created="Wed, 23 Feb 2022 19:50:07 +0000"  >&lt;p&gt;Please note, this is also taking place on RHEL8 as well, screenshot below:&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.mongodb.org/secure/attachment/362294/362294_image-2022-02-23-12-49-56-960.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;

</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="1975106">SERVER-63179</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="361175" name="image-2022-02-17-10-17-07-864.png" size="51994" author="JIRAUSER1264748" created="Thu, 17 Feb 2022 17:17:10 +0000"/>
                            <attachment id="361173" name="image-2022-02-17-10-17-30-340.png" size="51994" author="JIRAUSER1264748" created="Thu, 17 Feb 2022 17:17:32 +0000"/>
                            <attachment id="361174" name="image-2022-02-17-10-18-15-561.png" size="212147" author="JIRAUSER1264748" created="Thu, 17 Feb 2022 17:18:20 +0000"/>
                            <attachment id="362294" name="image-2022-02-23-12-49-56-960.png" size="118930" author="JIRAUSER1264748" created="Wed, 23 Feb 2022 19:49:58 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 28 Feb 2022 11:00:02 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 47 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 47 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>cbator@powertrain.com</customfieldvalue>
            <customfieldvalue>chris.kelly@mongodb.com</customfieldvalue>
            <customfieldvalue>dmitry.agranat@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0kldr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i03nsv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[dmitry.agranat@mongodb.com]]></customfieldvalue>
        <customfieldvalue><![CDATA[chris.kelly@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0k7j3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>