DOCS-15224 update selinux policy (#979)

Dave · web-flow · commit b5c3ce180d44 · 2022-04-20T10:58:13.000-04:00
* DOCS-15224 update selinux policy

* Vertical line space

* Vertical line space

* Vertical line space
diff --git a/source/includes/fact-selinux-redhat-options.rst b/source/includes/fact-selinux-redhat-options.rst
@@ -67,26 +67,33 @@ to your SELinux policy:
 
 #. Create a custom policy file :file:`mongodb_proc_net.te`:
 
-   .. code-block:: bash
+   .. code-block:: none
 
       cat > mongodb_proc_net.te <<EOF
       module mongodb_proc_net 1.0;
 
       require {
-              type sysctl_net_t;
-              type mongod_t;
-              class dir search;
-              class file { getattr open read };
+          type cgroup_t;
+          type configfs_t;
+          type file_type;
+          type mongod_t;
+          type proc_net_t;
+          type sysctl_fs_t;
+          type var_lib_nfs_t;
+
+          class dir { search getattr };
+          class file { getattr open read };
       }
- 
-      #============= mongod_t ==============
-
-      #!!!! This avc is allowed in the current policy
-      allow mongod_t sysctl_net_t:dir search;
-      allow mongod_t sysctl_net_t:file open;
 
-      #!!!! This avc is allowed in the current policy
-      allow mongod_t sysctl_net_t:file { getattr read };
+      #============= mongod_t ==============
+      allow mongod_t cgroup_t:dir { search getattr } ;
+      allow mongod_t cgroup_t:file { getattr open read };
+      allow mongod_t configfs_t:dir getattr;
+      allow mongod_t file_type:dir { getattr search };
+      allow mongod_t file_type:file getattr;
+      allow mongod_t proc_net_t:file { open read };
+      allow mongod_t sysctl_fs_t:dir search;
+      allow mongod_t var_lib_nfs_t:dir search;
       EOF
 
 #. Once created, compile and load the custom policy module by
