vxresize fails with - errno 13
Article ID: 100068316
Updated On:
Description
Error Message
UX:vxfs fsadm: ERROR: V-3-20305: cannot open /datavol1/lost+found/.fsadm - errno 13
VxVM vxresize ERROR V-5-1-7514 Problem running fsadm command for volume datavol1, in diskgroup datadg1
Cause
This happens when Selinux mode is Enforcing and file system has the context value which, restricting fadm access. Here we saw "Type (usr_t)"
Customer Permissions on lost+found
drwxr-xr-x. 2 dp-postgres dp-postgres system_u:object_r:usr_t:s0 96 Jun 4 10:25 lost+found <<<
Resolution
Selinux has the labels below:
User (system_u): The SELinux user identity.
Role (object_r): The SELinux role.
Type (usr_t): The SELinux type, which defines the access rights. <<<<
Level (s0): The security level (MLS/MCS).
Permissions on lost+found in a problem environment:
drwxr-xr-x. 2 dp-postgres dp-postgres system_u:object_r:usr_t:s0 96 Jun 4 10:25 lost+found <<<<<<
File system with default permissions.
[root@server101 ~]# ls -Z /datavol1
system_u:object_r:unlabeled_t:s0 lost+found
$ cat selinux/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
Resize of file system will happen successfully with default permissions.
[root@server101 config]# df -h |grep -i vx
/dev/vx/dsk/datadg1/datavol1 2.1G 20M 2.0G 1% /datavol1
/dev/vx/dsk/cvrdg/cvrvol-01 5.0G 37M 4.7G 1% /mnt_cvrvol-01
[root@server101]# vxresize -g datadg1 datavol1 +100m
[root@server101 ]# df -h |grep -i vx
/dev/vx/dsk/datadg1/datavol1 2.2G 20M 2.1G 1% /datavol1
/dev/vx/dsk/cvrdg/cvrvol-01 5.0G 37M 4.7G 1% /mnt_cvrvol-01
## To reproduce the issue, added the user_t context on the file system matching the problem file system.
[root@server101 ~]# chcon system_u:object_r:usr_t:s0 /datavol1
[root@server101 ~]# chcon system_u:object_r:usr_t:s0 /datavol1/lost+found
[root@server101 ~]# ls -Z /datavol1
system_u:object_r:usr_t:s0 lost+found
Vxresize failed with the same error.
[root@server101 ~]# vxresize -g datadg1 datavol1 +100m
UX:vxfs fsadm: ERROR: V-3-20305: cannot open /datavol1/lost+found/.fsadm - errno 13
VxVM vxresize ERROR V-5-1-7514 Problem running fsadm command for volume datavol1, in diskgroup datadg1
## Now, if we change the setting of selinux and set it from "enforcing" to "permissive", vxresize will work.
[root@server101 ~]# setenforce 0
[root@server101 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive <<<<<<<
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[root@server101 ~]# vxresize -g datadg1 datavol1 +100m
[root@server101 ~]#
[root@server101 ]# df -h |grep -i vx
/dev/vx/dsk/datadg1/datavol1 2.3G 20M 2.2G 1% /datavol1
/dev/vx/dsk/cvrdg/cvrvol-01 5.0G 37M 4.7G 1% /mnt_cvrvol-01
As mentioned and shown above, due to current selinux settings, vxresize is failing. The work around is to set Selinux with Permissive mode while doing vxresize and revert back to Enforcing once it is done.
Note: Instead of changing the selinux mode, we can fix the problem by cautiously changing the context value with the right permissions or restoring it to default.
Issue/Introduction
