Problem
VxFS mount failed with error "no security xattr handler" in RHEL 7.6 SELinux enabled environment (both permissive and enforcing)
Error Message
# mount -t vxfs /dev/vx/dsk/mydg/myvol /myUX:vxfs mount.vxfs: ERROR: V-3-23731: mount failed.
/var/log/messages:Jan 7 12:18:57 server102 kernel: SELinux: (dev VxVM10000, type vxfs) has no security xattr handler
Problem observed with selinux in both permissive / enforcing modes.
# uname -aLinux server102 3.10.0-957.el7.x86_64 #1 SMP Thu Oct 4 20:48:51 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
# sestatusSELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
Cause
The RHEL 7.6 selinux-policy package is upgraded to add support to VxFS filesystems. With that upgrade VxFS filesystems need to able to store the extended attribute "security.selinux". Only VxFS Disk Layout Version (DLV) 11 or above are capable of storing this SELinux extended attribute. DLV 11 is available on VxFS version 7.1 and onward. VxFS 6.x and 7.0 only supports DLV 10 and below, and hence with VxFS 6.x or 7.0 VxFS filesystem will not be able to mount successfully on RHEL 7.6 with SELinux enabled.
https://access.redhat.com/solutions/3168651
RFE: Supporting Veritas VxFS filesystems in selinux-policy
Solution
SELinux support in permissive and enforcing modes is available from VxFS 7.1 with Disk Layout Version 11 and above . But please note that there are bugs and performance issues with SELinux in early version of VxFS 7.x, for example, in file creation and other SELinux usage cases. Those issues are fixed in 7.4.1. Running SELinux in permissive mode will not be a problem in 7.1 or above if SELinux features are not used on the VxFS filesystems.
In order to have full SELinux support please upgrade to Veritas InfoScale 7.4.1 or applying VxFS patch 7.4.0.1400.
See also:
https://www.veritas.com/support/en_US/article.100044306
'Operation not supported' error when using the 'chcon' command with SELinux in permissive mode on InfoScale 7.4/rhel7.5
Related Knowledge Base Articles
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.