Description of problem: Missing/bad policy for new/old files in mongodb and mongodb-server packages. Version-Release number of selected component (if applicable): mongodb-2.6.3-1.fc20.x86_64 mongodb-server-2.6.3-1.fc20.x86_64 How reproducible: always Steps to Reproduce: 1. fedpkg clone mongodb 2. <rebuild in mock (use e.g. mockk from git+ssh://jpacner.redhat.com/home/brq/jpacner/public_git/jpacner_rhpublic.git)> 3. <install the mock build and run tests> Actual results: Similar to https://bugzilla.redhat.com/show_bug.cgi?id=1086859 Expected results: Completely working servers, log files etc. Additional info: If you don't want to build mongodb yourself, here is the list of files: 0$ rpm -ql mongodb mongodb-server /usr/bin/bsondump /usr/bin/mongo /usr/bin/mongodump /usr/bin/mongoexport /usr/bin/mongofiles /usr/bin/mongoimport /usr/bin/mongooplog /usr/bin/mongoperf /usr/bin/mongorestore /usr/bin/mongosniff /usr/bin/mongostat /usr/bin/mongotop /usr/share/doc/mongodb /usr/share/doc/mongodb/README /usr/share/licenses/mongodb /usr/share/licenses/mongodb/APACHE-2.0.txt /usr/share/licenses/mongodb/GNU-AGPL-3.0.txt /usr/share/man/man1/bsondump.1.gz /usr/share/man/man1/mongo.1.gz /usr/share/man/man1/mongodump.1.gz /usr/share/man/man1/mongoexport.1.gz /usr/share/man/man1/mongofiles.1.gz /usr/share/man/man1/mongoimport.1.gz /usr/share/man/man1/mongooplog.1.gz /usr/share/man/man1/mongoperf.1.gz /usr/share/man/man1/mongorestore.1.gz /usr/share/man/man1/mongosniff.1.gz /usr/share/man/man1/mongostat.1.gz /usr/share/man/man1/mongotop.1.gz /etc/logrotate.d/mongodb /etc/mongodb-shard.conf /etc/mongodb.conf /etc/sysconfig/mongodb /etc/sysconfig/mongodb-shard /usr/bin/mongod /usr/bin/mongos /usr/lib/systemd/system/mongodb-shard.service /usr/lib/systemd/system/mongodb.service /usr/lib/tmpfiles.d/mongodb.conf /usr/share/man/man1/mongod.1.gz /usr/share/man/man1/mongos.1.gz /var/lib/mongodb /var/log/mongodb /var/run/mongodb
Here is our labeling currently. grep mongo /etc/selinux/targeted/contexts/files/file_contexts /var/lib/mongo.* system_u:object_r:mongod_var_lib_t:s0 /var/log/mongo.* system_u:object_r:mongod_log_t:s0 /var/run/mongo.* system_u:object_r:mongod_var_run_t:s0 /var/log/aeolus-conductor/dbomatic\.log.* -- system_u:object_r:mongod_log_t:s0 /usr/bin/mongod -- system_u:object_r:mongod_exec_t:s0 /etc/rc\.d/init\.d/mongod -- system_u:object_r:mongod_initrc_exec_t:s0 /var/run/aeolus/dbomatic\.pid -- system_u:object_r:mongod_var_run_t:s0 /usr/share/aeolus-conductor/dbomatic/dbomatic -- system_u:object_r:mongod_exec_t:s0 What should change?
MongoDB guys, Could you help us with update labeling for mongodb policy? Thank you!
/usr/bin/mongos should have same context as mongod (system_u:object_r:mongod_exec_t:s0) And also when I want to start mongod in rawhide, mongod_t should have allowed tcp_socket name_bind ( allow mongod_t mongod_port_t:tcp_socket {name_bind}; ) Additional Information: Source Context system_u:system_r:mongod_t:s0 Target Context system_u:object_r:mongod_port_t:s0 Target Objects port 27017 [ tcp_socket ] Source mongod Source Path mongod Port 27017 Host localhost.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-86.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing
f492f2c08a69e0ab0acb09d77cf2aea57977f32a fixes this in git.
Dan, push please.
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
selinux-policy-3.13.1-116.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-116.fc22
Package selinux-policy-3.13.1-116.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-116.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3508/selinux-policy-3.13.1-116.fc22 then log in and leave karma (feedback).
selinux-policy-3.13.1-116.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days