(SELinux) Storage array plug-in configuration failure for custom port

Explanation:

NetBackup version 10.4 and later support SELinux on NetBackup Snapshot Manager for Data Center hosts to communicate between the Snapshot Manager for Data Center and the storage arrays.

For successful plug-in configuration, the port used for REST API communication in the plug-in configuration must have an entry in the CIL.

For Custom port configuration, add the Port entry in the CIL before the Storage array plug-in configuration.

Workaround:

To confirm if there any custom ports to be allowed, run:
ausearch --start today -m avc -se VRTSflexsnap.process | audit2allow
Error log:
```
 
#============= VRTSflexsnap.process ==============
allow VRTSflexsnap.process reserved_port_t:tcp_socket name_connect;
```

Run the command:

# flexsnap_configure updatecil -i

You can see the following output:

Following SElinux updates detected for Snapshot Manager.
    allow VRTSflexsnap.process reserved_port_t:tcp_socket name_connect;
Do you want to update Snapshot Manager's SELinux policy? (y/n): y
Updating runtime SELinux policy ...done

To confirm if all the port denials are allowed, run:
flexsnap_configure updatecil
Permission denials are covered by the runtime policy
For changes to take effect, run:
flexsnap_configure restart

(SELinux) Storage array plug-in configuration failure for custom port

Feedback

Feedback