Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide
  3. Section II. NetBackup Snapshot Manager for Cloud maintenance
  4. Troubleshooting NetBackup Snapshot Manager for Cloud
  5. Issues with SELinux configuration
NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide

Issues with SELinux configuration

If you enable SELinux on systems where it has been previously disabled or if you run a service in a non-standard configuration, then SELinux configurations issues are observed.

SELinux denials are signs of incorrect configuration.

Workaround:

Perform the following:

  1. Check the SELinux audit logs for Snapshot Manager related denials using ausearch utility as follows:

    # ausearch -m avc -se VRTSflexsnap.process | audit2allow

    allow VRTSflexsnap.process container_var_lib_t:dir watch;

    allow VRTSflexsnap.process container_var_lib_t:file watch;

  2. Identify the Snapshot Manager related SELinux denials and apply corresponding policy changes using the following command:

    # flexsnap_configure updatecil -i

    Following are the SELinux policy updates detected for Snapshot Manager:

    allow VRTSflexsnap.process default_t:dir create;
    
    allow VRTSflexsnap.process default_t:file { create read };
    
    Do you want to update Snapshot Manager's SELinux policy? (y/n): y
    
    Updating runtime SELinux policy ...done

    For changes to take effect, run the following command:

    flexsnap_configure restart

  3. Validate the policy change by using the following command:

    # ausearch -m avc -se VRTSflexsnap.process | audit2allow

    For validation the following message must be displayed:

    !!!! This avc is allowed in the current policy
    allow VRTSflexsnap.process container_var_lib_t:dir watch;
     
    !!!! This avc is allowed in the current policy
    allow VRTSflexsnap.process container_var_lib_t:file watch;

Feedback

Was this page helpful?
Previous

Snapshot Manager failed to retrieve the specified cloud domain(s), against the specified plugin instance

Next

Performance issues with OCI backup from snapshot and restore from backup copy

Feedback

Was this page helpful?