Hello Community
Before make the change in prod env, I have mounted a new iscsi LUN(no multipath) on a MA (Rhl8.7) in a lab env and configured it for Commvault library. Also completed the first backup on this mount.
I'm attempting to enable Commvault ransomware protection for this new mount.
During this process, I received a message stating that the operation would be disruptive and required the update of the fstab conf file for both local and network file systems. After confirming the operation by entering 'y,' a policy was created/added in the cvstorage module.
Issue:
Even though the process was carried out, but fstab was not updated for both mounts. It was expected that the process would involve unmounting the mount and updating fstab for it, as indicated in the following output:
2023-xx-xx 22:18:05,387 - __main__ - INFO - unmounting 'XXX_mount_name'
2023-xx-xx22:18:05,412 - __main__ - INFO - updating fstab with security 'XXX_mount_name'
However, the process doesn’t run umount/update fstab/remount, and there were no errors reported in the log(see log below).
I had to manually add <context="system_u:object_r:cvstorage_t:s0" > to fstab for the two mounts and reboot server then restart_cv_services to load commvault selinux policy for the new mounts
I'm wondering if this is normal or something I did wrong or if cvsecurity.py needs to be updated to include this function. thanks
***log cut ***
it is a disruptive operation. local and network fs remounted with fstab conf file update. continue[y/n]:y
2023-03-17 13:22:00,291 - __main__ - INFO - library /DiskLib/lun01/L86CIY_03.17.2023_17.12/CV_MAGNETIC
2023-03-17 13:22:00,292 - __main__ - INFO - get_mount_context
2023-03-17 13:22:00,292 - __main__ - INFO - get_mount_point
2023-03-17 13:22:00,292 - __main__ - INFO - path /DiskLib/lun01/L86CIY_03.17.2023_17.12/CV_MAGNETIC mount_point /DiskLib/lun01
2023-03-17 13:22:00,292 - __main__ - INFO - library /DiskLib/lun01/L86CIY_03.17.2023_17.12/CV_MAGNETIC mount context rw,seclabel,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
2023-03-17 13:22:00,292 - __main__ - INFO - get_file_context
fcontext=system_u:object_r:cvstorage_t:s0
2023-03-17 13:22:00,293 - __main__ - INFO - library /DiskLib/lun01/L86CIY_03.17.2023_17.12/CV_MAGNETIC file context system_u:object_r:cvstorage_t:s0
2023-03-17 13:22:00,294 - __main__ - INFO - library /DiskLib/lun02/E0QNGV_03.17.2023_17.14/CV_MAGNETIC
2023-03-17 13:22:00,294 - __main__ - INFO - get_mount_context
2023-03-17 13:22:00,294 - __main__ - INFO - get_mount_point
2023-03-17 13:22:00,294 - __main__ - INFO - path /DiskLib/lun02/E0QNGV_03.17.2023_17.14/CV_MAGNETIC mount_point /DiskLib/lun02
2023-03-17 13:22:00,294 - __main__ - INFO - library /DiskLib/lun02/E0QNGV_03.17.2023_17.14/CV_MAGNETIC mount context rw,seclabel,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota
2023-03-17 13:22:00,294 - __main__ - INFO - get_file_context
fcontext=system_u:object_r:cvstorage_t:s0
2023-03-17 13:22:00,294 - __main__ - INFO - library /DiskLib/lun02/E0QNGV_03.17.2023_17.14/CV_MAGNETIC file context system_u:object_r:cvstorage_t:s0
2023-03-17 13:22:00,294 - __main__ - INFO - start create_linux_file_policy
2023-03-17 13:22:00,295 - __main__ - INFO - start load_cv_policy_file
2023-03-17 13:22:00,295 - __main__ - INFO - start load_cv_policy_linux_file
2023-03-17 13:22:00,296 - __main__ - INFO - start build_policy
2023-03-17 13:22:00,511 - __main__ - INFO - CV security policy build succeeded
2023-03-17 13:22:00,511 - __main__ - INFO - start load_policy
2023-03-17 13:22:45,352 - __main__ - INFO - CV security policy loaded
2023-03-17 13:22:45,353 - __main__ - INFO - start set_registry_entry
2023-03-17 13:22:45,355 - __main__ - INFO -
Please reboot the system for enabling ransomware protection.
2023-03-17 13:22:45,357 - __main__ - INFO - exiting
Best answer by Damian Andre
View original
