**************************#012#012If you believe that mongod should be allowed getattr access on the cgroup directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'ftdc' --raw | audit2allow -M my-ftdc#012# semodule -i my-ftdc.pp#012 Aug 3 23:58:48 localhost setroubleshoot: failed to retrieve rpm info for /sys/fs/cgroup Aug 3 23:58:48 localhost setroubleshoot: SELinux is preventing /usr/bin/mongod from search access on the directory /sys/fs/cgroup. For complete SELinux messages run: sealert -l 8df77a62-a31a-4213-8d52-f65ae3ffce6f Aug 3 23:58:48 localhost python: SELinux is preventing /usr/bin/mongod from search access on the directory /sys/fs/cgroup.#012#012***** Plugin catchall (100. confidence) suggests
上面日志中可以看到原因是:/usr/bin/mongod from search access on the directory /sys/fs/cgroup
(setroubleshoot:123729): Gtk-WARNING **: 15:02:31.126: Locale not supported by C library. Using the fallback 'C' locale. SELinux is preventing /usr/bin/mongod from search access on the directory /sys/fs/cgroup.
If you believe that mongod should be allowed search access on the cgroup directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mongod' --raw | audit2allow -M my-mongod # semodule -i my-mongod.pp
Additional Information: Source Context system_u:system_r:mongod_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects /sys/fs/cgroup [ dir ] Source mongod Source Path /usr/bin/mongod Port <Unknown> Host localhost.localdomain Source RPM Packages mongodb-org-server-6.0.0-1.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-268.el7.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name vmcommon Platform Linux vmcommon 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 Alert Count 184449 First Seen 2022-08-02 11:11:38 CST Last Seen 2022-08-04 14:52:59 CST Local ID 8df77a62-a31a-4213-8d52-f65ae3ffce6f
Raw Audit Messages type=AVC msg=audit(1659595979.0:3727845): avc: denied { search } for pid=75904 comm="ftdc" name="/" dev="tmpfs" ino=1164 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0