Bug 1340251 - avc: denied { execmem } when starting mongod on a fresh F24 installation
Summary: avc: denied { execmem } when starting mongod on a fresh F24 installation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mongodb
Version: 24
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Marek Skalický
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-05-26 20:38 UTC by Randy Barlow
Modified: 2016-06-18 18:57 UTC

Fixed In Version: mongodb-3.2.6-4.fc24
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-18 18:57:42 UTC
Type: Bug



Description Randy Barlow 2016-05-26 20:38:48 UTC
Description of problem:
On a fresh F24 installation I am unable to start mongod with SELinux in enforcing mode.

Version-Release number of selected component (if applicable):
mongodb-server-3.2.6-2.fc24.x86_64

How reproducible:
Every time.

Steps to Reproduce:
1. $ sudo dnf install -y mongodb-server
2. $ sudo systemctl start mongod

Actual results:
$ sudo systemctl start mongod
Job for mongod.service failed because a fatal signal was delivered to the control process. See "systemctl status mongod.service" and "journalctl -xe" for details.

Expected results:
Mongod should start

Additional info:
$ sudo grep mongo /var/log/audit/audit.log
type=AVC msg=audit(1464294964.308:135): avc:  denied  { execmem } for  pid=805 comm="mongod" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
type=ANOM_ABEND msg=audit(1464294964.308:136): auid=4294967295 uid=184 gid=991 ses=4294967295 subj=system_u:system_r:init_t:s0 pid=805 comm="mongod" exe="/usr/bin/mongod" sig=11
type=SERVICE_START msg=audit(1464294964.313:137): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mongod comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

$ sudo audit2allow -al


#============= init_t ==============
allow init_t self:process execmem;
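
Added example (not part of the original report or of any Fedora tooling): a small triage script that parses the three audit records quoted above, pairs the AVC denial with the ANOM_ABEND record for the same pid, and reports the denied permission, the SELinux type the process was running under, and the resulting signal. The function names and the one-second correlation window are assumptions of this example.

```python
import re

# Sample input: the three audit.log records quoted in the bug description.
SAMPLE = r'''type=AVC msg=audit(1464294964.308:135): avc:  denied  { execmem } for  pid=805 comm="mongod" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=0
type=ANOM_ABEND msg=audit(1464294964.308:136): auid=4294967295 uid=184 gid=991 ses=4294967295 subj=system_u:system_r:init_t:s0 pid=805 comm="mongod" exe="/usr/bin/mongod" sig=11
type=SERVICE_START msg=audit(1464294964.313:137): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=mongod comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally quoted
PERMS = re.compile(r'\{([^}]*)\}')        # permission set, e.g. { execmem }

def parse(line):
    """Split one audit record into a dict; returns None for non-audit lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, ts, serial, body = m.groups()
    rec = {k: v.strip('"') for k, v in KV.findall(body)}
    rec.update(type=rtype, ts=float(ts), serial=int(serial))
    if rtype == "AVC":
        p = PERMS.search(body)
        rec["perms"] = p.group(1).split() if p else []
        rec["denied"] = "denied" in body.split("{")[0]
    return rec

def triage(lines, window=1.0):
    """Pair each AVC denial with a crash of the same pid within `window` seconds."""
    recs = [r for r in map(parse, lines) if r]
    abends = [r for r in recs if r["type"] == "ANOM_ABEND"]
    findings = []
    for avc in (r for r in recs if r["type"] == "AVC" and r["denied"]):
        crash = next((a for a in abends if a.get("pid") == avc.get("pid")
                      and 0 <= a["ts"] - avc["ts"] <= window), None)
        findings.append({
            "comm": avc.get("comm"),
            "perms": avc["perms"],
            "tclass": avc.get("tclass"),
            # third field of user:role:type:level is the SELinux type (domain)
            "source_type": avc["scontext"].split(":")[2],
            "enforced": avc.get("permissive") == "0",
            "on_self": avc.get("scontext") == avc.get("tcontext"),
            "crash_signal": int(crash["sig"]) if crash else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding)
```
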

Comment 1 Randy Barlow 2016-05-26 20:47:25 UTC
Hello Nathan!

It looks like https://bodhi.fedoraproject.org/updates/FEDORA-2016-eae91c887b fixes this issue too. I'll go ahead and mark this as MODIFIED, but you may want to add it to the Bodhi update. Thanks for fixing this before I even reported it!

Comment 2 Randy Barlow 2016-05-26 20:52:13 UTC
According to Bodhi, it looks like Marek Skalický fixed this issue. Thanks!

Comment 3 Marek Skalický 2016-05-27 09:01:38 UTC
Hi Randy,
thanks for testing MongoDB and reporting issues!

I've added this bug to the Bodhi update.

Comment 4 Fedora Update System 2016-05-27 09:01:56 UTC
mongodb-3.2.6-4.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-eae91c887b

Comment 5 Fedora Update System 2016-06-18 18:57:26 UTC
mongodb-3.2.6-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

