Selinux errors for mongod

gawainxr · May 12, 2022, 7:30pm

I’m seeing the following errors in logs,

May 12 12:27:24 vmlogserv01 setroubleshoot[1284]: SELinux is preventing /usr/bin/mongod from search access on the directory fs. For complete SELinux messages run: sealert -l 4be00375-4c19-44e4-b349-389d1bab392c

Is this normal or did I miss a step during setup, as far as I can tell everything appears to be working though?

gsmith · May 12, 2022, 11:15pm

Hello,

This is normal, Selinux is doing it job for security.

If you want to fix this alert, here are some steps needed to resolve it.

I’m using CentOS 7 for the example below if you still want to have Selinux Enforced.

Troubleshooting SELinux

First, check the status of SELinux and make sure it is set to permissive. To use these following commands, insure sealert is installed you may need to install it

How to install and configure “setroubleshootd” on CentOS/RHEL – The Geek Diary

# sestatus

Check that SELinux is enabled, the policy is ‘targeted’ and the mode is set to ‘permissive’:

SELinux status: enabled
Loaded policy name: targeted
Current mode: permissive

If you had to configure Selinux in permissive’ mode a REBOOT is needed.

Now, use sealert command to check for issues in audit.log.

# sealert -a /var/log/audit/audit.log

The output may look lengthy at first, but don’t fret! Once you start looking at each report, you’ll see it is actually very useful. It will start with “SELinux is preventing” and provide a confidence level for each suggested fix.

The output will show the command/s for fixing that issue. What you will see is SElinux will show the issue and then show how to fix this with a command line.

EXAMPLE: It should look something like this.

# audit2allow -M my-sedispatch | semodule -i my-sedispatch.pp

What that does is it creates a module and then installs it.

Once you fix the alerts needed, reset Selinux back to enforce mode and reboot.

Next Option

Set Selinux in permissive mode, and reboot. This is not suggested if this is a production environment.
If you have not worked with Selinux and want to keep you settings do not disable Selinux because the next time you want to use Selinux those setting will be gone. It best to leave it in Permissive mode. This Mode will not provide security nor will it remove any settings. Permissive mode is basically stating,

“I see a issue but I’m not doing anything about it”

Done

gsmith · May 13, 2022, 4:13am

@gawainxr
I just checked the documentation ,please look here

system · May 27, 2022, 4:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Constant SELinux errors on Graylog MongoDB nodes Graylog Central (peer support)	1	1870	December 5, 2018
Server Gateway slow down the Graylog GUI Graylog Central (peer support)	4	1304	January 4, 2018
Multi Node Graylog Setup problem Graylog Central (peer support)	2	937	March 20, 2019
Graylog-server Failed Graylog Central (peer support)	10	1147	February 17, 2023
Unable to run graylog server (Couldn't run validator method) Graylog Central (peer support)	1	569	February 20, 2021

Selinux errors for mongod

Related topics