Selinux errors for mongod

I’m seeing the following errors in logs,

May 12 12:27:24 vmlogserv01 setroubleshoot[1284]: SELinux is preventing /usr/bin/mongod from search access on the directory fs. For complete SELinux messages run: sealert -l 4be00375-4c19-44e4-b349-389d1bab392c

Is this normal or did I miss a step during setup, as far as I can tell everything appears to be working though?


This is normal, Selinux is doing it job for security.

If you want to fix this alert, here are some steps needed to resolve it.

I’m using CentOS 7 for the example below if you still want to have Selinux Enforced.

Troubleshooting SELinux

First, check the status of SELinux and make sure it is set to permissive. To use these following commands, insure sealert is installed you may need to install it

# sestatus

Check that SELinux is enabled, the policy is ‘targeted’ and the mode is set to ‘permissive’:

SELinux status: enabled
Loaded policy name: targeted
Current mode: permissive

If you had to configure Selinux in permissive’ mode a REBOOT is needed.

Now, use sealert command to check for issues in audit.log.

# sealert -a /var/log/audit/audit.log

The output may look lengthy at first, but don’t fret! Once you start looking at each report, you’ll see it is actually very useful. It will start with “SELinux is preventing” and provide a confidence level for each suggested fix.

The output will show the command/s for fixing that issue. What you will see is SElinux will show the issue and then show how to fix this with a command line.

EXAMPLE: It should look something like this.

# audit2allow -M my-sedispatch | semodule -i my-sedispatch.pp

What that does is it creates a module and then installs it.

Once you fix the alerts needed, reset Selinux back to enforce mode and reboot.

Next Option

Set Selinux in permissive mode, and reboot. This is not suggested if this is a production environment.
If you have not worked with Selinux and want to keep you settings do not disable Selinux because the next time you want to use Selinux those setting will be gone. It best to leave it in Permissive mode. This Mode will not provide security nor will it remove any settings. Permissive mode is basically stating,

“I see a issue but I’m not doing anything about it”


I just checked the documentation ,please look here

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.