Info
Previous summary: "collMod oplog entries on `admin.system.version` fail initial sync"
Top User Comments
william.schultz commented on Mon, 26 Feb 2018 17:13:20 +0000:
Filed SERVER-33490 to implement these fixes.
william.schultz commented on Mon, 26 Feb 2018 17:09:28 +0000:
This logic in applyCommand_inlock bans any commands that operate on the admin.system.version namespace other than "dropDatabase", "applyOps", or "dbCheck" during initial sync. This logic in applyOperation_inlock disallows any CRUD operations that try to modify the Feature Compatibility Version document in the admin.system.version collection. The simplest fix for the fuzzer would probably be to blacklist the following:
CRUD ops that operate on the admin.system.version namespace
Any command that operates on the admin.system.version namespace, except for applyOps, dropDatabase, or dbCheck. It may be easiest in the fuzzer to check if it's a command, check the namespace it operates on, and then check if it's one of the whitelisted command. If not, ignore it.
judah.schvimer commented on Fri, 9 Feb 2018 14:40:40 +0000:
Most of the failing is done here: https://github.com/mongodb/mongo/blob/7a97a67879f171eb8bd6748c4a7e1bcd8f328490/src/mongo/db/repl/oplog.cpp#L1526-L1541 and here: https://github.com/mongodb/mongo/blob/7a97a67879f171eb8bd6748c4a7e1bcd8f328490/src/mongo/db/repl/oplog.cpp#L1080-L1092
spencer commented on Thu, 8 Feb 2018 21:21:38 +0000:
We should just ban collMod on admin.system.version in the access control system.
