Bug
Resolution: Won't Do
None
6.9.0
Description of problem:
Some SELinux permission issue on mongod.pid causing mongo to fail to start.
ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied
Version-Release number of selected component (if applicable):
6.9.4
How reproducible:
Uncertain, manually reproducible by changing the SELinux context.
Steps to Reproduce:
1. Happens because of SELinux issues
Actual results:
ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied
Expected results:
No issues
Additional info:
[root@ktordeur-satellite-latest ~]# systemctl status rh-mongodb34-mongod
● rh-mongodb34-mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/rh-mongodb34-mongod.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2021-10-06 14:46:41 CEST; 27min ago
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Starting High-performance, schema-free document-oriented database...
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: about to fork child process, waiting until server is ready for connections.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: forked process: 9445
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[9445]: [main] ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: ERROR: child process failed, exited with error number 1
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: rh-mongodb34-mongod.service: control process exited, code=exited status=1
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Failed to start High-performance, schema-free document-oriented database.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Unit rh-mongodb34-mongod.service entered failed state.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: rh-mongodb34-mongod.service failed.
# ls -lZ /var/opt/rh/rh-mongodb34/run
drwxr-xr-x. mongodb root system_u:object_r:var_t:s0 mongodb
# getfacl /var/opt/rh/rh-mongodb34/run/mongodb/
~~~
getfacl: Removing leading '/' from absolute path names
# file: var/opt/rh/rh-mongodb34/run/mongodb/
# owner: mongodb
# group: root
user::rwx
group::r-x
other::r-x
~~~
# sudo -u mongodb touch /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid
[root@ktordeur-satellite-latest ~]# ls -lZ /var/opt/rh/rh-mongodb34/run/mongodb/
~~~
-rw-r--r--. mongodb mongodb unconfined_u:object_r:var_t:s0 mongod.pid
~~~
~~~
type=AVC msg=audit(1633526478.479:49897): avc: denied
for pid=12152 comm="mongod" name="mongodb" dev="dm-0" ino=68799459 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied
for pid=12152 comm="mongod" name="mongod.pid" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied
for pid=12152 comm="mongod" name="mongod.pid" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied
for pid=12152 comm="mongod" path="/var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid" dev="dm-0" ino=68796704 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
~~~
# systemctl start rh-mongodb34-mongod.service
Job for rh-mongodb34-mongod.service failed because the control process exited with error code. See "systemctl status rh-mongodb34-mongod.service" and "journalctl -xe" for details.
[root@ktordeur-satellite-latest ~]# setenforce 0
[root@ktordeur-satellite-latest ~]# systemctl start rh-mongodb34-mongod.service
[root@ktordeur-satellite-latest ~]# systemctl status rh-mongodb34-mongod.service
● rh-mongodb34-mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/rh-mongodb34-mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-10-06 15:25:59 CEST; 11s ago
Process: 12241 ExecStart=/opt/rh/rh-mongodb34/root/usr/libexec/mongodb-scl-helper enable $RH_MONGODB34_SCLS_ENABLED -- /opt/rh/rh-mongodb34/root/usr/bin/mongod $OPTIONS run (code=exited, status=0/SUCCESS)
Main PID: 12246 (mongod)
Tasks: 20
CGroup: /system.slice/rh-mongodb34-mongod.service
└─12246 /opt/rh/rh-mongodb34/root/usr/bin/mongod -f /etc/opt/rh/rh-mongodb34/mongod.conf run
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** We suggest setting it to 'never'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten]
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** We suggest setting it to 'never'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten]
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [thread1] waiting for connections on port 27017
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[12241]: child process started successfully, parent exiting
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Started High-performance, schema-free document-oriented database.
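
Added example, not part of the original report: a Python triage script that groups AVC denials like the ones above by source type, target type and class, and marks groups whose target carries a generic type such as `var_t`, which often points to a mislabeled path rather than a missing policy rule. The sample records are constructed (three reuse fields shown in the report, one is invented); the `GENERIC_TYPES` list and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample. Records 1-3 reuse fields from the report's audit lines
# (which show no permission set); record 4 is invented to exercise `{ ... }`.
SAMPLE = """\
type=AVC msg=audit(1633526478.479:49897): avc: denied for pid=12152 comm="mongod" name="mongodb" dev="dm-0" ino=68799459 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied for pid=12152 comm="mongod" name="mongod.pid" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied for pid=12152 comm="mongod" path="/var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid" dev="dm-0" ino=68796704 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.000:1): avc:  denied  { write } for  pid=1 comm="exampled" name="x.log" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=0
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{([^}]*)\}')
# Assumption: a heuristic list of generic types, not taken from any policy.
GENERIC_TYPES = {"var_t", "usr_t", "etc_t", "tmp_t", "default_t", "unlabeled_t"}

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other lines."""
    if "avc:" not in line or "denied" not in line:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    src = rec.get("scontext", "").split(":")
    tgt = rec.get("tcontext", "").split(":")
    if len(src) < 3 or len(tgt) < 3:      # context is user:role:type[:level]
        return None
    perms = PERMS.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    rec["stype"], rec["ttype"] = src[2], tgt[2]
    return rec

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"count": 0, "targets": set(),
                                  "perms": set(), "enforced": False})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec.get("tclass", "?"))]
        g["count"] += 1
        g["targets"].add(rec.get("path") or rec.get("name") or "?")
        g["perms"].update(rec["perms"])
        g["enforced"] |= rec.get("permissive") == "0"   # permissive=1: logged only
        g["generic_target"] = rec["ttype"] in GENERIC_TYPES
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items()):
        print(key, g)
```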