Please enter search query.
Search <product_name> all support & community content...
Article: 100022474
Last Published: 2020-08-06
Ratings: 2 1
Product(s): NetBackup & Alta Data Protection
Problem
DOCUMENTATION: SELinux interaction with NetBackup.
Solution
OVERVIEW:
NetBackup 7.x and above is qualified with the default installation of RHEL which has SELinux configured in 'enforcing' mode.
Installing and running NetBackup on RHEL with SELinux in permissive mode is expected to work, but generate a very large number of log messages about NetBackup accessing libraries, etc., that SELinux has not been configured to allow.
Installing and running NetBackup on RHEL with SELinux in enforcing mode will not work unless the system administrator for the machine configures SELinux to allow NetBackup the types of accesses that 'permissive' mode allows but for which 'permissive' SELinux logs an error message.
SOLUTION / WORKAROUND:
1) Set SELinux to 'disabled' and leave it 'disabled'. This is known to work.
2) Set SELinux to 'permissive' and leave it 'permissive'. This should work, but may generate large SELinux log files and CPU overhead.
3) Below is a series of steps which may allow NetBackup installation on an RHEL system with a goal of configuring SELinux to work in 'enforcing'.
Note: in this scenario, SELinux would never be set to 'disabled', only to 'permissive'.
A) Set SELinux in permissive mode to install and configure NetBackup
B) Test backup, restore, and other operations
C) Review the SELinux logs to see what files need security context changes and allow permissions
D) Set SELinux to enforcing again
E) Reboot to verify that SELinux stays in enforcing mode
F) Retest NetBackup backup, restore, and other operations while observing the SELinux logs for additional adjustments
G) If there are any subsequent problems with SELinux, the logs should show what the problem is. The system administrator can make further SELinux changes as needed.
NetBackup 7.x and above is qualified with the default installation of RHEL which has SELinux configured in 'enforcing' mode.
Installing and running NetBackup on RHEL with SELinux in permissive mode is expected to work, but generate a very large number of log messages about NetBackup accessing libraries, etc., that SELinux has not been configured to allow.
Installing and running NetBackup on RHEL with SELinux in enforcing mode will not work unless the system administrator for the machine configures SELinux to allow NetBackup the types of accesses that 'permissive' mode allows but for which 'permissive' SELinux logs an error message.
SOLUTION / WORKAROUND:
1) Set SELinux to 'disabled' and leave it 'disabled'. This is known to work.
2) Set SELinux to 'permissive' and leave it 'permissive'. This should work, but may generate large SELinux log files and CPU overhead.
3) Below is a series of steps which may allow NetBackup installation on an RHEL system with a goal of configuring SELinux to work in 'enforcing'.
Note: in this scenario, SELinux would never be set to 'disabled', only to 'permissive'.
A) Set SELinux in permissive mode to install and configure NetBackup
B) Test backup, restore, and other operations
C) Review the SELinux logs to see what files need security context changes and allow permissions
D) Set SELinux to enforcing again
E) Reboot to verify that SELinux stays in enforcing mode
F) Retest NetBackup backup, restore, and other operations while observing the SELinux logs for additional adjustments
G) If there are any subsequent problems with SELinux, the logs should show what the problem is. The system administrator can make further SELinux changes as needed.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.