What's MongoDB's business in "other" filesystem paths? SELinux

Hi guys.

A complete novice here. I’ve just installed vanilla-default MongoDB and right away SELinux shows denials:
... SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/containers/storage/overlay-containers/fe6f1040c1373930efe68c777805ecd4c921631e3a87b8806af1fe0cdf266d8b/userdata/shm. For complete SELinux messages run: sealert -l 5263cddc-183a-472b-9098-bf4599c8453c ...
What is Mongo’s business in checking such a path (and there are more)? - I refuse to believe (yet) that my Mongo is trojaned.

Many thanks, L.

What did the complete messages say?

That is pretty much the whole message. Next would be the whole sealert, and left at the end would be a custom SE module to “fix” this. But just from looking at those syslog errors - what does MongoDB want from:

SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/containers/storage/overlay. For complete SELinux messages run: sealert -l 5263cddc-183a-472b-9098-bf4599c8453c
or…
SELinux is preventing /usr/bin/mongod from search access on the directory /proc/sys/fs/binfmt_misc. For complete SELinux messages run: sealert -l e2430433-e3b9-4bd9-9ac1-9616418c8612
another one:
SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/nfs/rpc_pipefs. For complete SELinux messages run: sealert -l bc61357c-c100-4d44-a43a-5b90008b44b8

It seems MongoDB attempts to access these three paths repeatedly, and then data inside /var/lib/containers/storage/overlay

This must be trivially easy to reproduce - I’m on CentOS Stream with mongodb-org-server-6.0.11-1.el9.x86_64

Well, do you see “the complete SELinux message” by running the command it gives you?

Like I said - it would be to show the whole sealert - do you need that?
There won’t be much more apart from some details - but in essence, SELinux is already saying that MongoDB has no business looking there, and that on its own is a valid enough question/issue.

It looks like, if not the culprit, that - ftdc - is a player here.

Interesting. Maybe @Tarun_Gaur knows the answer?

Likely this is the case: FTDC iterates over mounts to report on disk usage.
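
An added example, not part of any post in this thread: a Python check of whether each path denied to mongod is itself a mount point, which is what the "FTDC iterates over mounts" explanation predicts. The log sample reuses the three messages quoted above plus one constructed non-mount denial, the mount table is constructed, and the function names are hypothetical.

```python
import re

# Summary-line format as quoted in this thread.
DENIAL = re.compile(
    r"SELinux is preventing (?P<exe>\S+) from .+? access on the "
    r"\w+ (?P<path>.+?)\. For complete SELinux messages")

# First three lines are from the thread; the last one is constructed.
SAMPLE_LOG = """\
SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/containers/storage/overlay. For complete SELinux messages run: sealert -l 5263cddc-183a-472b-9098-bf4599c8453c
SELinux is preventing /usr/bin/mongod from search access on the directory /proc/sys/fs/binfmt_misc. For complete SELinux messages run: sealert -l e2430433-e3b9-4bd9-9ac1-9616418c8612
SELinux is preventing /usr/bin/mongod from search access on the directory /var/lib/nfs/rpc_pipefs. For complete SELinux messages run: sealert -l bc61357c-c100-4d44-a43a-5b90008b44b8
SELinux is preventing /usr/bin/mongod from read access on the directory /root/.ssh. For complete SELinux messages run: sealert -l 00000000-0000-0000-0000-000000000000
"""

# Constructed /proc/mounts excerpt: device, mount point, fstype, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/mapper/cs-root / xfs rw,seclabel,relatime 0 0
/dev/mapper/cs-root /var/lib/containers/storage/overlay xfs rw,seclabel,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
"""

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_points(mounts_text):
    """Map mount point -> filesystem type from /proc/mounts-style text."""
    rows = (line.split() for line in mounts_text.splitlines())
    return {unescape(f[1]): f[2] for f in rows if len(f) >= 3}

def triage(log_text, mounts_text, exe="/usr/bin/mongod"):
    """Split paths denied to `exe` into mount points and everything else."""
    mounts = mount_points(mounts_text)
    explained, other = {}, set()
    for m in DENIAL.finditer(log_text):
        path = m["path"].rstrip("/") or "/"
        if m["exe"] != exe:
            continue
        if path in mounts:
            explained[path] = mounts[path]
        else:
            other.add(path)
    return explained, sorted(other)

if __name__ == "__main__":
    explained, other = triage(SAMPLE_LOG, SAMPLE_MOUNTS)
    print("mount points:", explained)
    print("not mount points, review:", other)
```

On a live host, pass the journal text and the contents of /proc/mounts instead of the samples; any path in the second list is not accounted for by mount iteration and is worth reading the full sealert for.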