Testing needed (mongodb)
Nathaniel McCallum
nathaniel at natemccallum.com
Tue Jan 17 19:23:24 UTC 2012
On Tue, Jan 17, 2012 at 2:12 PM, Jon VanAlten <jon.vanalten at redhat.com>wrote:
>
>
> ----- Original Message -----
> > From: "Nathaniel McCallum" <nathaniel at natemccallum.com>
> > To: "Development discussions related to Fedora" <
> devel at lists.fedoraproject.org>
> > Sent: Tuesday, January 17, 2012 1:24:25 PM
> > Subject: Testing needed (mongodb)
> >
> > I've built packages of MongoDB 2.0.2 for f15, f16 and f17. This
> > should be a
> > drop in replacement for your 1.8.x server. See
> >
> http://www.mongodb.org/display/DOCS/2.0+Release+Notes#2.0ReleaseNotes-Upgradingfor
> > further details.
> >
> > However, I had to rewrite the patch providing js 1.8.5 support. So
> > I'd like
> > some hands on testing before I push out this update.
> >
> > The builds should appear shortly in updates-testing and you can
> > provide here:
> > https://admin.fedoraproject.org/updates/mongodb-2.0.2-5.fc15
> > https://admin.fedoraproject.org/updates/mongodb-2.0.2-5.fc16
> >
> > Thanks!
> >
> > Nathaniel
> >
> > --
> > devel mailing list
> > devel at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
>
> Hi,
>
> Am using the java driver not javascript so I can't really comment to your
> rewritten patch, but I can say that the F15 packages seem to be functioning
> fine as dropin replacement.
Great! And in fact you are using the javascript patch, it is used internally
by mongod. The patch itself, though long, is pretty much a menial changing
of function signatures, so I don't see a lot of risk here (or the compiler
would have yelled at me!).
> There is, however, a new SELinux alert (pasted below). I don't see
> anything terrible in /var/log/mongodb/mongodb.log and this alert doesn't
> seem to affect functionality.
>
Good catch! However, I'm not sure what the best way to fix this is. Any SELinux
folk care to comment?
> cheers,
> jon
>
> SELinux is preventing /usr/bin/mongod from getattr access on the file
> /proc/sys/vm/zone_reclaim_mode.
>
> ***** Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that mongod should be allowed getattr access on the
> zone_reclaim_mode file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep mongod /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context system_u:system_r:mongod_t:s0
> Target Context system_u:object_r:sysctl_vm_t:s0
> Target Objects /proc/sys/vm/zone_reclaim_mode [ file ]
> Source mongod
> Source Path /usr/bin/mongod
> Port <Unknown>
> Host <HOST>
> Source RPM Packages mongodb-server-2.0.2-5.fc15
> Target RPM Packages
> Policy RPM selinux-policy-3.9.16-48.fc15
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name toxin
> Platform Linux <HOST> 2.6.41.4-1.fc15.x86_64 #1 SMP
> Tue Nov
> 29 11:53:48 UTC 2011 x86_64 x86_64
> Alert Count 3
> First Seen Tue 17 Jan 2012 02:00:14 PM EST
> Last Seen Tue 17 Jan 2012 02:02:46 PM EST
> Local ID bc6ed9f8-5013-4aff-8b7d-c45c3add2e04
>
> Raw Audit Messages
> type=AVC msg=audit(1326826966.315:388): avc: denied { getattr } for
> pid=28298 comm="mongod" path="/proc/sys/vm/zone_reclaim_mode" dev=proc
> ino=515586 scontext=system_u:system_r:mongod_t:s0
> tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120117/46b1c27f/attachment-0001.html>
More information about the devel
mailing list