Re: Mongodb-server fails to start with selinux enforcing

On 11/19/2014 12:38 PM, drago01 wrote:
> On Wed, Nov 19, 2014 at 6:19 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> On 11/19/2014 09:16 AM, Paul Knox-Kennedy wrote:
>>> On a clean installation built from
>>> Fedora-Live-Workstation-x86_64-21_Beta-4.iso, I installed mongodb-server
>>> but it failed to start due to selinux: "SELinux is preventing mongod
>>> from name_bind access on the tcp_socket port 27017."
>>>
>>> Following the selinux instructions from the journal resolves this:
>>> # grep mongod /var/log/audit/audit.log | audit2allow -M mypol
>>> # semodule -i mypol.pp
>>>
>>> Should I bugzilla this, and if so, is it against mongodb or
>>> selinux-policy?
>> Is this a standard port the mongodb should be listening on?
> http://docs.mongodb.org/manual/reference/default-mongodb-port/
>
> Seems like the answer is yes.
Well, I guess this is why you shouldn't fly blind.

Could you actually show me the actual AVC message?

It should be in the bottom of the alert.

Looks like it already is labeled mongod_port_t.

sepolicy network -p 27017
27017: tcp unreserved_port_t 1024-32767
27017: udp unreserved_port_t 1024-32767
27017: tcp mongod_port_t 27017-27019

Looks like I fixed a bug in git back in October.

Author: Dan Walsh <dwalsh@xxxxxxxxxx>
Date:   Mon Oct 27 19:18:21 2014 -0400

    Allow mongodb to bind to the mongo port and mongos to run as mongod_t

Looks like this has made it into F21 policy and Rawhide, but not in F20.

/selinux-policy-3.13.1-98.fc21

Lukas, could you backport this into RHEL7 and F20 policy?
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
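
Added example, not part of the original message or of selinux-policy: a small triage script that reads one AVC record together with the `sepolicy network -p` output quoted above and reports whether the port already carries a service-specific label, which is the case where the fix belongs in the policy's allow rules. The AVC record is constructed for illustration (the actual one was never posted in this message), and the function names and result strings are hypothetical.

```python
import re

# Constructed sample AVC record; the real one was not posted in the thread.
SAMPLE_AVC = ('type=AVC msg=audit(1416417362.123:456): avc:  denied  '
              '{ name_bind } for  pid=1234 comm="mongod" src=27017 '
              'scontext=system_u:system_r:mongod_t:s0 '
              'tcontext=system_u:object_r:mongod_port_t:s0 tclass=tcp_socket')

# Output of `sepolicy network -p 27017` as quoted in the message above.
SAMPLE_SEPOLICY = """27017: tcp unreserved_port_t 1024-32767
27017: udp unreserved_port_t 1024-32767
27017: tcp mongod_port_t 27017-27019"""

def parse_avc(line):
    """Extract the fields needed to triage a denial from one AVC record."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    ctx_type = lambda key: fields[key].split(':')[2]  # user:role:type:level
    return {
        'perms': m.group(1).split(),
        'comm': fields.get('comm', '').strip('"'),
        'port': int(fields['src']) if 'src' in fields else None,
        'source_type': ctx_type('scontext'),
        'target_type': ctx_type('tcontext'),
        'tclass': fields['tclass'],
    }

def port_label(sepolicy_output, proto):
    """Return the most specific (narrowest range) port type for a protocol."""
    best = None
    for row in sepolicy_output.splitlines():
        parts = row.split()
        if len(parts) != 4 or parts[1] != proto:
            continue
        lo, _, hi = parts[3].partition('-')
        span = int(hi or lo) - int(lo)
        if best is None or span < best[0]:
            best = (span, parts[2])
    return best[1] if best else None

def triage(avc, sepolicy_output):
    proto = avc['tclass'].split('_')[0]  # tcp_socket -> tcp
    label = port_label(sepolicy_output, proto)
    # Port is labeled for the service and the AVC agrees: the domain lacks the rule.
    if label == avc['target_type'] and label != 'unreserved_port_t':
        return 'missing-allow-rule'
    return 'check-port-label'  # generic label, or AVC and sepolicy disagree
```
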