Description of problem:
Some SElinux permission issue on mongod.pid causing mongo to fail to start.
ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied

Version-Release number of selected component (if applicable):
6.9.4

How reproducible:
Uncertain, manually reproducible by changing the SELinux context.

Steps to Reproduce:
1. Happens because of SElinux issues
2.
3.

Actual results:
ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied

Expected results:
No issues

Additional info:
[root@ktordeur-satellite-latest ~]# systemctl status rh-mongodb34-mongod
● rh-mongodb34-mongod.service - High-performance, schema-free document-oriented database
Loaded: loaded (/usr/lib/systemd/system/rh-mongodb34-mongod.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2021-10-06 14:46:41 CEST; 27min ago

Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Starting High-performance, schema-free document-oriented database...
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: about to fork child process, waiting until server is ready for connections.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: forked process: 9445
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[9445]: [main] ERROR: Cannot write pid file to /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid: Permission denied
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[9440]: ERROR: child process failed, exited with error number 1
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: rh-mongodb34-mongod.service: control process exited, code=exited status=1
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Failed to start High-performance, schema-free document-oriented database.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Unit rh-mongodb34-mongod.service entered failed state.
Oct 06 14:46:41 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: rh-mongodb34-mongod.service failed.

1. ls -lZ /var/opt/rh/rh-mongodb34/run
   drwxr-xr-x. mongodb root system_u:object_r:var_t:s0 mongodb

1. getfacl /var/opt/rh/rh-mongodb34/run/mongodb/
   ~~~
   getfacl: Removing leading '/' from absolute path names
2. file: var/opt/rh/rh-mongodb34/run/mongodb/
3. owner: mongodb
4. group: root
   user::rwx
   group::r-x
   other::r-x
   ~~~

1. sudo -u mongodb touch /var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid

[root@ktordeur-satellite-latest ~]# ls -lZ /var/opt/rh/rh-mongodb34/run/mongodb/
~~~
rw-rr-. mongodb mongodb unconfined_u:object_r:var_t:s0 mongod.pid
~~~

~~~
type=AVC msg=audit(1633526478.479:49897): avc: denied

for pid=12152 comm="mongod" name="mongodb" dev="dm-0" ino=68799459 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied

for pid=12152 comm="mongod" name="mongod.pid" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied

for pid=12152 comm="mongod" name="mongod.pid" scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1633526478.479:49897): avc: denied

for pid=12152 comm="mongod" path="/var/opt/rh/rh-mongodb34/run/mongodb/mongod.pid" dev="dm-0" ino=68796704 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
~~~

1. systemctl start rh-mongodb34-mongod.service
   Job for rh-mongodb34-mongod.service failed because the control process exited with error code. See "systemctl status rh-mongodb34-mongod.service" and "journalctl -xe" for details.
   [root@ktordeur-satellite-latest ~]# setenforce 0
   [root@ktordeur-satellite-latest ~]# systemctl start rh-mongodb34-mongod.service
   [root@ktordeur-satellite-latest ~]# systemctl status rh-mongodb34-mongod.service
   ● rh-mongodb34-mongod.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/usr/lib/systemd/system/rh-mongodb34-mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-10-06 15:25:59 CEST; 11s ago
   Process: 12241 ExecStart=/opt/rh/rh-mongodb34/root/usr/libexec/mongodb-scl-helper enable $RH_MONGODB34_SCLS_ENABLED – /opt/rh/rh-mongodb34/root/usr/bin/mongod $OPTIONS run (code=exited, status=0/SUCCESS)
   Main PID: 12246 (mongod)
   Tasks: 20
   CGroup: /system.slice/rh-mongodb34-mongod.service
   └─12246 /opt/rh/rh-mongodb34/root/usr/bin/mongod -f /etc/opt/rh/rh-mongodb34/mongod.conf run

Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** We suggest setting it to 'never'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten]
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] ** We suggest setting it to 'never'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten]
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongod.27017[12246]: [thread1] waiting for connections on port 27017
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan mongodb-scl-helper[12241]: child process started successfully, parent exiting
Oct 06 15:25:59 ktordeur-satellite-latest.sysmgmt.lan systemd[1]: Started High-performance, schema-free document-oriented database.