<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:05:32 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-66475] SELinux denials on sysctl_net_t</title>
                <link>https://jira.mongodb.org/browse/SERVER-66475</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Hi.&lt;/p&gt;

&lt;p&gt;Even following the latest documentation updates in &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-15224&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DOCS-15224&lt;/a&gt;, I still don&apos;t see the SELinux rules that I added to &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-53177&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/SERVER-53177&lt;/a&gt; in my comment &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-53177?focusedCommentId=3607295&amp;amp;page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3607295&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/SERVER-53177?focusedCommentId=3607295&amp;amp;page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3607295&lt;/a&gt; in the latest documentation (&lt;a href=&quot;https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-red-hat/&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;We still get denials reported on:&lt;br/&gt;
allow mongod_t sysctl_net_t:dir search;&lt;br/&gt;
allow mongod_t sysctl_net_t:file { getattr read open };&lt;/p&gt;

&lt;p&gt;every time the mongod service is started.&lt;/p&gt;

&lt;p&gt;We are running MongoDB 5.0.8 on Rocky Linux 8.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2047144">SERVER-66475</key>
            <summary>SELinux denials on sysctl_net_t</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="sergey.galtsev@mongodb.com">Sergey Galtsev</assignee>
                                    <reporter username="third.line@invade.net">INVADE International Ltd</reporter>
                        <labels>
                    </labels>
                <created>Mon, 16 May 2022 12:19:14 +0000</created>
                <updated>Fri, 10 Jun 2022 15:02:40 +0000</updated>
                            <resolved>Mon, 16 May 2022 21:15:07 +0000</resolved>
                                    <version>5.0.8</version>
                                                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="4553254" author="JIRAUSER1258160" created="Tue, 17 May 2022 15:06:55 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=third.line%40invade.net&quot; class=&quot;user-hover&quot; rel=&quot;third.line@invade.net&quot;&gt;third.line@invade.net&lt;/a&gt;, if these denials are causing production issues for you, please open a HELP ticket.&lt;/p&gt;</comment>
                            <comment id="4552166" author="JIRAUSER1269682" created="Tue, 17 May 2022 08:46:45 +0000"  >&lt;ol&gt;
	&lt;li&gt;The sysctl_net_t:file denials are only logged after you allow the sysctl_net_t:dir search.&lt;/li&gt;
	&lt;li&gt;I assume the denial means MongoDB is not being allowed to do something it is trying to do. Why is it triggering the denials, and what are the implications of it being denied?&lt;/li&gt;
	&lt;li&gt;Why are these denials being treated differently to all of those addressed in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-63179&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/SERVER-63179&lt;/a&gt;?&lt;/li&gt;
	&lt;li&gt;Rocky Linux is a binary-compatible distribution to RHEL. As you have stated, the same denials are reported in RHEL. Is RHEL also no longer supported?&lt;/li&gt;
	&lt;li&gt;These violations are triggering our monitoring tooling. Based on your statement &quot;I don&apos;t think this ticket warrants an action to be taken&quot;, I am assuming that we can simply ignore the denials, rather than allow them, and that this won&apos;t have any detrimental effect on the operation of MongoDB.&lt;/li&gt;
&lt;/ol&gt;
</comment>
                            <comment id="4551448" author="JIRAUSER1258160" created="Mon, 16 May 2022 21:14:50 +0000"  >&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;I tested 5.0.8 enterprise on RHEL8, and I found that there is a violation which could be fixed by:
&lt;pre&gt;allow mongod_t sysctl_net_t:dir search;&lt;/pre&gt;
&lt;p&gt;I have not found a &lt;tt&gt;sysctl_net_t:file&lt;/tt&gt; violation.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;With that said, the service started successfully and that fix is not required to run mongod.&lt;/p&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Rocky Linux 8 is an unsupported operating system; as such, we typically do not patch for it, as it will require us to establish a testing process.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Since 5.0 is the last version for which an official SELinux policy has not been rolled out, I don&apos;t think this ticket warrants an action to be taken.&lt;/p&gt;</comment>
                            <comment id="4550530" author="JIRAUSER1257066" created="Mon, 16 May 2022 16:58:31 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=third.line%40invade.net&quot; class=&quot;user-hover&quot; rel=&quot;third.line@invade.net&quot;&gt;third.line@invade.net&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thank you for your report. I will pass this along to the Security team to investigate making additional access changes for SELinux.&lt;/p&gt;

&lt;p&gt;Best,&lt;br/&gt;
Edwin&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1975106">SERVER-63179</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2022279">DOCS-15224</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 16 May 2022 16:57:18 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 38 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 38 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>edwin.zhou@mongodb.com</customfieldvalue>
            <customfieldvalue>third.line@invade.net</customfieldvalue>
            <customfieldvalue>sergey.galtsev@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0uy3j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0dus8:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="5992">Security 2022-05-30</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;Install and configure MongoDB as documented.&lt;/p&gt;

&lt;p&gt;Start the mongod service.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[edwin.zhou@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i0uk8v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>