View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0018489 | CentOS-7 | selinux-policy | public | 2022-07-26 08:10 | 2022-07-26 09:26 |
| Reporter | Naso | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | not fixable | ||
| OS Version | 7 | ||||
| Summary | 0018489: SELinux is preventing /usr/bin/mongod from 'search' accesses on the cartella /sys/fs/cgroup. | ||||
| Description | Description of problem: SELinux is preventing /usr/bin/mongod from 'search' accesses on the cartella /sys/fs/cgroup. ***** Plugin catchall (100. confidence) suggests ************************** Se ci credi mongod dovrebbe essere consentito search accesso al cgroup directory per impostazione predefinita. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do allow this access for now by executing: # ausearch -c 'mongod' --raw | audit2allow -M my-mongod # semodule -i my-mongod.pp Additional Information: Source Context system_u:system_r:mongod_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects /sys/fs/cgroup [ dir ] Source mongod Source Path /usr/bin/mongod Port <Unknown> Host (removed) Source RPM Packages mongodb-org-server-4.0.28-1.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 Alert Count 1 First Seen 2022-07-26 09:47:23 CEST Last Seen 2022-07-26 09:47:23 CEST Local ID 16a45e24-e33a-4fd2-97b3-2f43ff23311f Raw Audit Messages type=AVC msg=audit(1658821643.829:130): avc: denied { search } for pid=1844 comm="mongod" name="/" dev="tmpfs" ino=12298 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1658821643.829:130): arch=x86_64 syscall=open success=no exit=EACCES a0=55933609fe10 a1=0 a2=1b6 a3=34363232393738 items=0 ppid=1 pid=1844 auid=4294967295 uid=987 gid=981 euid=987 suid=987 fsuid=987 egid=981 sgid=981 fsgid=981 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null) Hash: mongod,mongod_t,cgroup_t,dir,search Version-Release number of selected component: selinux-policy-3.13.1-268.el7_9.2.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1160.71.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 9e20e312250b0abca32ea2a5c58a8a752ccf796a77f8220c94d4daa32fd85247 | ||||
| URL | |||||
 |
Please try to relabel the folder where mongod is located: restorecon -Rv /usr/bin If this does not solve your problem, you could open a ticket at bugzilla.redhat.com. But since RHEL 7 is in maintenance mode and mongo is not provided by RH, most probably your request will be rejected |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-07-26 08:10 | Naso | New Issue | |
| 2022-07-26 09:26 | ManuelWolfshant | Status | new => closed |
| 2022-07-26 09:26 | ManuelWolfshant | Resolution | open => not fixable |
| 2022-07-26 09:26 | ManuelWolfshant | Note Added: 0038963 |
