Load the PowerFlex Security-Enhanced Linux (SELinux) module and prepare to deploy it or run it on the system.
Steps
Ensure that you are in the correct folder for SELinux, using the command:
pwd
Expected location:
/var/PowerFlex_SELinux/
Go to the folder, if necessary.
To load the policy and additional settings without impacting a deployed system, run the following command to set SELinux to Permissive mode for the current run time:
setenforce 0
Run the following command to load the SELinux module:
semodule -i dell-vxflex.pp -vv
Expected result:
Attempting to install module 'dell-vxflex.pp':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0
Run the following command:
restorecon -RF /opt/emc
This command corrects any missing labels in all directories and files in /opt/emc.
Configure the PowerFlex ports in SELinux:
NOTE: Only run commands on the relevant node. For example, if the PowerFlex presentation server or PowerFlex Gateway is on a stand-alone node, do not enable the MDM, SDS, SDR, or LIA ports.
For relevant port information, see "Port usage and changing default ports" in the PowerFlex Security Guide corresponding to the PowerFlex version you are using.
If the default port settings were changed for any process, update the commands below accordingly (for example, for the PowerFlex presentation server https port).
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 25620;
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 9011;
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 6611;
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 7611;
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 25600;
/usr/sbin/semanage port -N -a -t vxflex_lia_port_t -p tcp 9099;
/usr/sbin/semanage port -N -a -t vxflex_sdr_port_t -p tcp 11088;
/usr/sbin/semanage port -N -a -t vxflex_sds_port_t -p tcp 7072;
/usr/sbin/semanage port -N -a -t vxflex_sds_port_t -p tcp 25640;
/usr/sbin/semanage port -N -a -t vxflex_gateway_port_t -p tcp 443;
/usr/sbin/semanage port -N -a -t vxflex_gateway_port_t -p tcp 8080;
NOTE: Ports 443 and 8080 are usually enabled by default in SELinux and might return the following error:
ValueError: Port tcp/443 already defined
ValueError: Port tcp/8080 already defined
In this case, proceed. This error is expected.
/usr/sbin/semanage port -N -a -t vxflex_mgmt_port_t -p tcp 8443;
/usr/sbin/semanage port -N -a -t vxflex_mgmt_port_t -p tcp 8080;
Run the following command:
setenforce 1
This command sets SELinux back to Enforcing mode for the current run time.
Repeat the steps above on all nodes that will run with SELinux.
Results
Preparation of the operating system on all nodes for PowerFlex running in SELinux is now complete. Proceed with deployment, or continue to use your system if it is already deployed.
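To confirm the port labels after the semanage commands above, the following added example (not part of the Dell procedure or PowerFlex tooling) compares `semanage port -l` output with the type and port pairs listed on this page. The helper names port_types and check_ports and the SAMPLE listing are constructed for illustration; trim EXPECTED to the services that run on the node being checked.

```sh
# Added example, not Dell code. EXPECTED holds "type proto port..." as assigned
# by the semanage commands on this page; trim it to the services on this node.
EXPECTED='vxflex_mdm_port_t tcp 25620 9011 6611 7611 25600
vxflex_lia_port_t tcp 9099
vxflex_sdr_port_t tcp 11088
vxflex_sds_port_t tcp 7072 25640
vxflex_gateway_port_t tcp 443 8080
vxflex_mgmt_port_t tcp 8443 8080'

# Constructed sample of `semanage port -l` output (not captured from a real node).
SAMPLE='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767
vxflex_lia_port_t              tcp      9099
vxflex_mdm_port_t              tcp      25620, 9011, 6611, 7611, 25600
vxflex_sds_port_t              tcp      7072'

# port_types LISTING PROTO PORT: print each type whose entry covers PORT.
port_types() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '$2 == proto {
    for (i = 3; i <= NF; i++) {           # fields look like "80," or "1024-32767"
      p = $i; sub(/,$/, "", p); n = split(p, r, "-")
      hi = (n == 2 ? r[2] : r[1])         # single port: range of one
      if (port + 0 >= r[1] + 0 && port + 0 <= hi + 0) { print $1; break }
    } }'
}

# check_ports LISTING: one status line per expected port; returns 1 on any gap.
check_ports() {
  rc=0
  while read -r want proto ports; do
    for port in $ports; do
      have=$(port_types "$1" "$proto" "$port" | tr '\n' ' ')
      case " $have" in
        *" $want "*) echo "OK      $proto/$port $want" ;;
        " ")         echo "MISSING $proto/$port $want"; rc=1 ;;
        *)           echo "OTHER   $proto/$port want=$want have=${have% }"; rc=1 ;;
      esac
    done
  done <<EOF
$EXPECTED
EOF
  return $rc
}

# On a node, run: check_ports "$(/usr/sbin/semanage port -l)"
check_ports "$SAMPLE" || true
```

An OTHER line for tcp/443 or tcp/8080 is what the "already defined" error above leaves behind: the port keeps the type it already had.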