SELinux interaction with NetBackup.

Article: 100022474
Last Published: 2017-12-06
Product(s): NetBackup





NetBackup 7.x and above is qualified with the default installation of RHEL which has SELinux configured in 'enforcing' mode.

Installing and running NetBackup on RHEL with SELinux in permissive mode may work, but may generate a very large number of log messages about NetBackup accessing libraries and other resources that SELinux has not been configured to allow.

Installing and running NetBackup on RHEL with SELinux in enforcing mode will not work unless the system administrator for the machine configures SELinux to allow NetBackup the types of access that 'permissive' mode permits while logging an error message.


1) Set SELinux to 'disabled' and leave it 'disabled'.  This is known to work.

2) Set SELinux to 'permissive' and leave it 'permissive'.  This should work, but may generate large SELinux log files and CPU overhead.

3) Follow the steps below, which may allow NetBackup to be installed on a RHEL system with the goal of running SELinux in 'enforcing' mode.

  Note: in this scenario, SELinux would never be set to 'disabled', only to 'permissive'.

  A) Set SELinux in permissive mode to install and configure NetBackup
  B) Test backup, restore, and other operations
  C) Review the SELinux logs to see which files need security context changes and which permissions need to be allowed
  D) Set SELinux to enforcing again

  E) Reboot to verify that SELinux stays in enforcing mode

  F) Retest NetBackup backup, restore, and other operations while observing the SELinux logs for additional adjustments
  G) If there are any subsequent problems with SELinux, the logs should show what the problem is.  The system administrator can make further SELinux changes as needed.
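To illustrate the log review in steps C and F, the following added example (not part of the original article and not Veritas code) parses AVC denial records, groups them by source type, target type and object class, and prints candidate allow rules for the administrator to review. The log lines are constructed, and the daemon name, paths and port in them are placeholders rather than NetBackup's actual values.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from a real system). The daemon
# name, paths and port are placeholders, not NetBackup's real values.
SAMPLE_LOG = """\
type=AVC msg=audit(1512550000.101:401): avc:  denied  { read } for  pid=2101 comm="example_backupd" path="/opt/example_backup/lib/libexample.so" dev="dm-0" ino=1001 scontext=system_u:system_r:initrc_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1
type=AVC msg=audit(1512550000.102:402): avc:  denied  { open } for  pid=2101 comm="example_backupd" path="/opt/example_backup/lib/libexample.so" dev="dm-0" ino=1001 scontext=system_u:system_r:initrc_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1512550000.102:402): arch=c000003e syscall=2 success=yes comm="example_backupd"
type=AVC msg=audit(1512553600.501:977): avc:  denied  { name_bind } for  pid=2102 comm="example_backupd" src=13999 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields

def summarize(log_text, comm=None):
    """Group denials by (source type, target type, class); optionally filter by comm."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set(), "blocked": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or (comm and rec.get("comm") != comm):
            continue
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        g = groups[key]
        g["perms"].update(rec["perms"])
        if "path" in rec:
            g["paths"].add(rec["path"])      # files that may only need relabeling
        if rec.get("permissive") == "0":
            g["blocked"] += 1                # denied for real, i.e. while enforcing
    return dict(groups)

def candidate_rules(groups):
    """Render each group as a type-enforcement rule to review, not to load blindly."""
    return sorted(f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
                  for (s, t, c), g in groups.items())

if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE_LOG, comm="example_backupd")):
        print(rule)
```

On a live system, `ausearch -m avc` retrieves these records and `audit2allow` generates rules from them; where a denial comes from a mislabeled file, correcting the file's security context is usually preferable to adding an allow rule.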

