Configuring SELinux for Commvault

Important

If the current loaded policy name is targeted (appears in the output of the sestatus command, in the Loaded policy name field), then do not configure the following steps. The following steps are applicable only if the Loaded policy name field displays MLS.

If you have MLS enabled in enforcing mode on the client computer, perform the following steps as a root user:

Steps

Commands

Content of the policy files

1.

Log on to the client computer as a root user.

2.

Enable the following SELinux booleans:

  • allow_execmem

  • allow_execstack

  • allow_ypbind

setsebool -P allow_execmem 1
setsebool -P allow_execstack 1
setsebool -P allow_ypbind 1

3.

Go to the to /usr/share/selinux/devel directory.

4.

Create a file filename.te where filename is the name of the UNIX file created to save the policy module statement. We recommend to use the same name for policy module and the file.
For example, when you create a policy module for backup_IDA application, you can use the file name backup_IDA.te.

vi backup_IDA.te

backup_IDA.te

5.

Create a policy file from command line.

make backup_IDA.pp

6.

Execute the command to install the module.

semodule -i backup_IDA.pp

7.

Install Commvault. Installation must complete successfully without any issues.

8.

Verify that all Commvault services are up and running.

commvault list

9.

Continue to perform back and restore operations.

If you find any issues, see Troubleshooting SELinux Configuration.

Loading...