Re: Symlink or bind mount?

On 24/04/2018 19:27, Gionatan Danti wrote:
Hi all,
I bump this old thread because I have trouble relocating MongoDB due to its selinux policy denying symlink access.

Goal: to relocate /var/lib/mongo to /tank/graylog/var/lib/mongo/ with minimal alteration to the original selinux policy.

What I did:
semanage fcontext -a -e /var/lib/mongo /tank/graylog/var/lib/mongo
mv /var/lib/mongo /tank/graylog/var/lib/mongo
ln -s /tank/graylog/var/lib/mongo /var/lib/mongo
restorecon /var/lib/mongo
systemctl restart mongod

Result:
MongoDB does not start. Issuing "cat /var/log/audit/audit.log | audit2allow" shows the following error: "allow mongod_t mongod_var_lib_t:lnk_file read;"

Questions:
- apart from reconfiguring MongoDB to directly point to the new location, what else can I do (short of creating a custom selinux policy) to allow access to the /var/lib/mongo symlink?
- why is lnk_file read denied by default in some policies (ie: MongoDB, MySQL, libvirt, etc)?


Hi all,
any thoughts on the matter?

Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8