-
Bug
-
Resolution: Won't Do
-
Normal
-
None
-
rhel-9.5
-
None
-
No
-
Moderate
-
rhel-security-selinux
-
ssg_security
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
Customer using using mongodb-org-7.0.17-1 (yes, third party repository) on a fully up-to-date RHEL 9.5 and we're seeing AVC denied messages like this:
— 8< —
type=AVC msg=audit(1741185265.001:1288855): avc: denied { read } for pid=1906972 comm="ftdc" name="file-nr" dev="proc" ino=15273 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1741185265.001:1288855): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55aafe099dc0 a2=0 a3=0 items=0 ppid=1 pid=1906972 auid=4294967295 uid=993 gid=991 euid=993 suid=993 fsuid=993 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="ftdc" exe="/usr/bin/mongod" subj=system_u:system_r:mongod_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="mongod" GID="mongod" EUID="mongod" SUID="mongod" FSUID="mongod" EGID="mongod" SGID="mongod" FSGID="mongod"
type=PROCTITLE msg=audit(1741185265.001:1288855): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66
— 8< —
What is the impact of this issue to you?
Application stops working
--------------------------------------------------------------------------------------------------
As this is 3rd party AVC denials cu found below 2 commits which resolved their issue.
- https://github.com/fedora-selinux/selinux-policy/commit/06bf83d8a20adca40821107c6f4d589a59bb76b9
- https://github.com/fedora-selinux/selinux-policy/commit/c8a9ae3cad80de41c04ae83a81d5aca2e6f4259b
Expectation from cu :
Theie request is to see if we can backport these 2 commits from upstream Fedora into RHEL 9.5 OR not.
