Symptoms

The Data Domain (DD) maintenance is not updating.Errors similar those below are present and repeat in the UI and /var/log/messages file: May 7 10:59:59 avamar kernel: [ 7568.618233] type=1503 audit(1399474799.240:2873): operation="open" pid=16153 parent=1 profile="/sbin/syslog-ng" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/space/avamar/var/ddrmaintlogs/ddrmaint.log" May 7 10:59:59 avamar syslog-ng[16153]: Error opening file for writing; filename='/usr/local/avamar/var/ddrmaintlogs/ddrmaint.log', error='Permission denied (13)' Event Type = INFORMATION Event Severity = OK Event Summary = kernel info: Jun 2 12:11:34 avamar kernel: [95815.834704] type=1400 audit(1496394694.774:46635): \apparmor="DENIED" operation="open" parent=1 profile="/sbin/syslog-ng" name="/space/avamar/var/ddrmaintlogs/ddrmaint.log" pid=12517 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=500 Software Source = DPN:Unknown Hardware Source = avamar Administrator Server = avamar Administrator Server version = 7.4.1-58 Avamar Server = avamar Avamar Server systemid = 1435653995@XX:XX:XX:XX:XX:XX Avamar Server version = 7.4.1-58 Backup & Recovery Manager Url = Data Domain System = dd2500.company.com Data Domain System OS version = 6.0.1.0-556307 Data Domain System serial number = FLB00XXXXXXXXX Event Data = Entry key = date Entry value = 2017/06/02 Entry key = code Entry value = 0007 Entry key = time Entry value = 09:11:43.83438 UTC Entry key = thread Entry value = log-messages:109 Entry key = type Entry value = INFO Entry key = message Entry value = kernel info: Jun 2 12:11:34 avamar kernel: [95815.834704] type=1400 audit(1496394694.774:46635): apparmor="DENIED" operation="open" parent=1 profile="/sbin/syslog-ng" name="/space/avamar/var/ddrmaintlogs/ddrmaint.log" pid=12517 comm="syslog-ng" requested_mask="w" denied_mask="w" fsuid=0 ouid=500 Entry key = nodeid Entry value = 0.0 Event Type = INFORMATION Event Severity = OK Event Summary = kernel info: Jun 2 12:06:33 avamar kernel: [95514.923513] audit_printk_skb: 42 callbacks suppressed Software Source = DPN:Unknown Hardware Source = avamar Administrator Server = avamar Administrator Server version = 7.4.1-58 Avamar Server = avamar Avamar Server systemid = 1435653995@XX:XX:XX:XX:XX:XX Avamar Server version = 7.4.1-58 Backup & Recovery Manager Url = Data Domain System = dd2500.company.com Data Domain System OS version = 6.0.1.0-556307 Data Domain System serial number = FLB00XXXXXXXXX Event Data = Entry key = date Entry value = 2017/06/02 Entry key = code Entry value = 0007 Entry key = time Entry value = 09:06:43.70637 UTC Entry key = thread Entry value = log-messages:109 Entry key = type Entry value = INFO Entry key = message Entry value = kernel info: Jun 2 12:06:33 avamar kernel: [95514.923513] audit_printk_skb: 42 callbacks suppressed Entry key = nodeid Entry value = 0.0

Cause

The problem is caused by the default (restrictive) AppArmor profiles being enabled.

Resolution

To resolve the issue, AppArmor must be stopped and disabled on startup: 1. Log in to the Avamar Utility Node as admin. 2. Elevate to root privilege. 3. Verify that AppArmor is enabled: /etc/init.d/boot.apparmor status Sample output: apparmor module is loaded. 10 profiles are loaded. 10 profiles are in enforce mode. /usr/sbin/ntpd /usr/sbin/identd /sbin/klogd /sbin/syslogd /sbin/syslog-ng /usr/sbin/traceroute /usr/sbin/nscd /usr/sbin/mdnsd /bin/ping /usr/sbin/avahi-daemon 0 profiles are in complain mode. 2 processes have profiles defined. 2 processes are in enforce mode : /sbin/syslog-ng (16153) /sbin/klogd (16156) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. 4. If running, stop the AppArmor process: /etc/init.d/boot.apparmor stop 5. Verify that AppArmor is stopped: /etc/init.d/boot.apparmor status Sample output: apparmor module is loaded. 0 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 0 processes have profiles defined. 0 processes are in enforce mode : 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. 6. Verify that the ddrmaint.log (/usr/local/avamar/var/ddrmaintlogs/ddrmaint.log) is being updated. 7. Review the /etc/init.d/after.local file and verify that it contains the following line: insserv -r boot.apparmor (Edit the file and add the line if necessary.)

Support Cases