A complete novice here. I’ve just installed vanilla-default MongoDB and right away SELinux shows denials: ... SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/containers/storage/overlay-containers/fe6f1040c1373930efe68c777805ecd4c921631e3a87b8806af1fe0cdf266d8b/userdata/shm. For complete SELinux messages run: sealert -l 5263cddc-183a-472b-9098-bf4599c8453c ...
What is Mongo’s business in checking such a path (and there are more)? - I refuse to believe (yet) that my Mongo is trojaned.
That is pretty much the whole message. Next would be the whole sealert, and left at the end would be a custom SE module to “fix” this. But just from looking at those syslog errors - what does MongoDB want from:
… SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/containers/storage/overlay. For complete SELinux messages run: sealert -l 5263cddc-183a-472b-9098-bf4599c8453c
or… SELinux is preventing /usr/bin/mongod from search access on the directory /proc/sys/fs/binfmt_misc. For complete SELinux messages run: sealert -l e2430433-e3b9-4bd9-9ac1-9616418c8612
another one: SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/nfs/rpc_pipefs. For complete SELinux messages run: sealert -l bc61357c-c100-4d44-a43a-5b90008b44b8
It seems MongoDB attempts to access these three paths repeatedly, and then data inside /var/lib/containers/storage/overlay
This must be trivially easy to reproduce - I’m on CentOS Stream with mongodb-org-server-6.0.11-1.el9.x86_64
Like I said - it would be to show the whole sealert - do you need that?
There won’t be much more apart from some details - but in essence, SELinux is already saying that MongoDB has no business looking there & that on its own is a valid question/issue enough.
It looks like, if not the culprit, that - ftdc - is a player here.