DOCSP-36304-Update-Selinux-Policy (#8408) (#8497)

ajhuh-mdb · Dave · web-flow · commit dca1564ffa94 · 2024-07-22T08:57:23.000-07:00
* DOCS-15224 update selinux policy (#979) * DOCS-15224 update selinux policy * Vertical line space * Vertical line space * Vertical line space * * --------- Co-authored-by: Dave <69165704+davemungo@users.noreply.github.com> (cherry picked from commit 65546d9)
diff --git a/source/includes/fact-selinux-redhat-options.rst b/source/includes/fact-selinux-redhat-options.rst
@@ -82,13 +82,27 @@ to your SELinux policy:
       module mongodb_proc_net 1.0;
 
       require {
-          type proc_net_t;
+          type cgroup_t;
+          type configfs_t;
+          type file_type;
           type mongod_t;
-          class file { open read };
+          type proc_net_t;
+          type sysctl_fs_t;
+          type var_lib_nfs_t;
+
+          class dir { search getattr };
+          class file { getattr open read };
       }
 
       #============= mongod_t ==============
+      allow mongod_t cgroup_t:dir { search getattr } ;
+      allow mongod_t cgroup_t:file { getattr open read };
+      allow mongod_t configfs_t:dir getattr;
+      allow mongod_t file_type:dir { getattr search };
+      allow mongod_t file_type:file getattr;
       allow mongod_t proc_net_t:file { open read };
+      allow mongod_t sysctl_fs_t:dir search;
+      allow mongod_t var_lib_nfs_t:dir search;
       EOF
 
 #. Once created, compile and load the custom policy module by
