View Issue Details

IDProjectCategoryView StatusLast Update
0018489CentOS-7selinux-policypublic2022-07-26 09:26
ReporterNaso Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionnot fixable 
OS Version7 
Summary0018489: SELinux is preventing /usr/bin/mongod from 'search' accesses on the cartella /sys/fs/cgroup.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/mongod from 'search' accesses on the cartella /sys/fs/cgroup.

***** Plugin catchall (100. confidence) suggests **************************

Se ci credi mongod dovrebbe essere consentito search accesso al cgroup directory per impostazione predefinita.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
allow this access for now by executing:
# ausearch -c 'mongod' --raw | audit2allow -M my-mongod
# semodule -i my-mongod.pp

Additional Information:
Source Context system_u:system_r:mongod_t:s0
Target Context system_u:object_r:cgroup_t:s0
Target Objects /sys/fs/cgroup [ dir ]
Source mongod
Source Path /usr/bin/mongod
Port <Unknown>
Host (removed)
Source RPM Packages mongodb-org-server-4.0.28-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-268.el7_9.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1160.71.1.el7.x86_64 #1 SMP
                              Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64
Alert Count 1
First Seen 2022-07-26 09:47:23 CEST
Last Seen 2022-07-26 09:47:23 CEST
Local ID 16a45e24-e33a-4fd2-97b3-2f43ff23311f

Raw Audit Messages
type=AVC msg=audit(1658821643.829:130): avc: denied { search } for pid=1844 comm="mongod" name="/" dev="tmpfs" ino=12298 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0


type=SYSCALL msg=audit(1658821643.829:130): arch=x86_64 syscall=open success=no exit=EACCES a0=55933609fe10 a1=0 a2=1b6 a3=34363232393738 items=0 ppid=1 pid=1844 auid=4294967295 uid=987 gid=981 euid=987 suid=987 fsuid=987 egid=981 sgid=981 fsgid=981 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null)

Hash: mongod,mongod_t,cgroup_t,dir,search

Version-Release number of selected component:
selinux-policy-3.13.1-268.el7_9.2.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1160.71.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash9e20e312250b0abca32ea2a5c58a8a752ccf796a77f8220c94d4daa32fd85247
URL

Activities

ManuelWolfshant

ManuelWolfshant

2022-07-26 09:26

manager   ~0038963

Please try to relabel the folder where mongod is located:
restorecon -Rv /usr/bin

If this does not solve your problem, you could open a ticket at bugzilla.redhat.com. But since RHEL 7 is in maintenance mode and mongo is not provided by RH, most probably your request will be rejected

Issue History

Date Modified Username Field Change
2022-07-26 08:10 Naso New Issue
2022-07-26 09:26 ManuelWolfshant Status new => closed
2022-07-26 09:26 ManuelWolfshant Resolution open => not fixable
2022-07-26 09:26 ManuelWolfshant Note Added: 0038963