Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Snapshot Manager for Data Center Administrator's Guide
  5. Troubleshooting
  7. (SELinux) Storage array plug-in configuration failure for custom port
NetBackup™ Snapshot Manager for Data Center Administrator's Guide

(SELinux) Storage array plug-in configuration failure for custom port

Explanation:

NetBackup version 10.4 and later support SELinux on NetBackup Snapshot Manager for Data Center hosts to communicate between the Snapshot Manager for Data Center and the storage arrays.

For successful plug-in configuration, the port used for REST API communication in the plug-in configuration must have an entry in the CIL.

For Custom port configuration, add the Port entry in the CIL before the Storage array plug-in configuration.

Workaround:

  1. To confirm if there any custom ports to be allowed, run:

    ausearch --start today -m avc -se VRTSflexsnap.process | audit2allow

    Error log:

     
#============= VRTSflexsnap.process ==============
allow VRTSflexsnap.process reserved_port_t:tcp_socket name_connect;

  2. Run the command:

    # flexsnap_configure updatecil -i

    You can see the following output: 

    Following SElinux updates detected for Snapshot Manager.
    allow VRTSflexsnap.process reserved_port_t:tcp_socket name_connect;
Do you want to update Snapshot Manager's SELinux policy? (y/n): y
Updating runtime SELinux policy ...done

  3. To confirm if all the port denials are allowed, run:

    flexsnap_configure updatecil

    Permission denials are covered by the runtime policy

  4. For changes to take effect, run:

    flexsnap_configure restart

Feedback

Was this page helpful?
Previous

Backup from snapshot job fails with time out error

Next

Execution fails for the flexsnap_preinstall.sh command.

Feedback

Was this page helpful?