On 24/04/2018 19:27, Gionatan Danti wrote:
Hi all,
I bump this old thread because I have troubles relocating MongoDB due to
its selinux policy dening symlink access.
Goal: to relocate /var/lib/mongo to /tank/graylog/var/lib/mongo/ with
minimal alteration to the original selinux policy.
What I did:
semanage fcontext -a -e /var/lib/mongo /tank/graylog/var/lib/mongo
mv /var/lib/mongo /tank/graylog/var/lib/mongo
ln -s /tank/graylog/var/lib/mongo /var/lib/mongo
restorecon /var/lib/mongo
systemctl restart mongod
Result:
MongoDB does not start. Issuing "cat /var/log/audit/audit.log |
audit2allow" show the following error: "allow mongod_t
mongod_var_lib_t:lnk_file read;"
Questions:
- apart from reconfiguring MongoDB to directly point to the new
location, what else I can do (short to create a custom selinux policy)
to allow access to /var/lib/mongo symlink?
- why is lnk_file read denied by default in some policies (ie: MongoDB,
MySQL, libvirt, etc)?
Hi all,
any thoughts on the matter?
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
