Additional info: libreport version: 2.0.13 kernel: 3.5.3-1.fc17.x86_64 description: :SELinux is preventing /usr/bin/mongod from 'remove_name' accesses on the directory prealloc.0. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow mongod to have remove_name access on the prealloc.0 directory :Then você precisará mudar o rótulo em prealloc.0 :Do :# semanage fcontext -a -t FILE_TYPE 'prealloc.0' :onde FILE_TYPE é um dos seguintes: var_log_t, var_run_t, mongod_var_lib_t, mongod_var_run_t, mongod_log_t, mongod_tmp_t, tmp_t, root_t. :Então execute: :restorecon -v 'prealloc.0' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If você acredita que o mongod deva ser permitido acesso de remove_name em prealloc.0 directory por default. :Then você precisa reportar este como um erro. :Você pode gerar um módulo de política local para permitir este acesso. :Do :permitir este acesso agora executando: :# grep mongod /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:mongod_t:s0 :Target Context system_u:object_r:var_lib_t:s0 :Target Objects prealloc.0 [ dir ] :Source mongod :Source Path /usr/bin/mongod :Port <Desconhecido> :Host (removed) :Source RPM Packages mongo-10gen-server-2.2.0-mongodb_1.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-146.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.5.3-1.fc17.x86_64 #1 SMP Wed Aug : 29 18:46:34 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen 2012-09-06 20:01:05 BRT :Last Seen 2012-09-06 20:02:43 BRT :Local ID 6bb7d8f8-4fd5-4f27-bd92-ff0c9dce607f : :Raw Audit Messages :type=AVC msg=audit(1346972563.464:169): avc: denied { remove_name } for pid=6425 comm="mongod" name="prealloc.0" dev="sda3" ino=789406 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir : : :type=AVC msg=audit(1346972563.464:169): avc: denied { rename } for pid=6425 comm="mongod" name="prealloc.0" dev="sda3" ino=789406 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file : : :type=SYSCALL msg=audit(1346972563.464:169): arch=x86_64 syscall=rename success=yes exit=0 a0=7f342fafa748 a1=7f342faec798 a2=fffffffffffffb40 a3=7fff86d350e0 items=0 ppid=6424 pid=6425 auid=4294967295 uid=988 gid=982 euid=988 suid=988 fsuid=988 egid=982 sgid=982 fsgid=982 tty=(none) ses=4294967295 comm=mongod exe=/usr/bin/mongod subj=system_u:system_r:mongod_t:s0 key=(null) : :Hash: mongod,mongod_t,var_lib_t,dir,remove_name : :audit2allow : :#============= mongod_t ============== :allow mongod_t var_lib_t:dir remove_name; :allow mongod_t var_lib_t:file rename; : :audit2allow -R : :#============= mongod_t ============== :allow mongod_t var_lib_t:dir remove_name; :allow mongod_t var_lib_t:file rename; :
Created attachment 610562 [details] File: type
Created attachment 610563 [details] File: hashmarkername
What is a path to "prealloc.0"? You have probably mislabeled /var/lib/mongodb directory. Try to execute # restorecon -R -v /var/lib/mongodb and if it does not help, please reopen the bug. Thank you.