
 MQ HA RDQM

Peter Roemer posted Fri October 10, 2025 06:58 AM

Hi all,

We have MQ HA RDQM running on SELinux. During the installation, the command "semanage permissive -a drbd_t" was not executed.

In the log we see the message: "SELinux is preventing /usr/sbin/drbdsetup from getattr access on the netlink_generic_socket labeled drbd_t.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that drbdsetup should be allowed getattr access on netlink_generic_socket labeled drbd_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'drbdsetup' --raw | audit2allow -M my-drbdsetup#012# semodule -X 300 -i my-drbdsetup.pp#012"

Can we still execute the command on a running MQ environment without stopping the queue manager, or is there something we need to take care of?

Greetings,

Peter

Peter Roemer

Hmmm, Nobody ???

John Hawkins

Hi Peter,

This is not an expert answer in terms of security but an educated guess, I'm afraid...

Given that drbd handles the replication of the local storage then I'm surprised you have a working and replicating QM. However, ignoring that... Does the QM actually run and replicate transaction data across the nodes? That, I would guess, is the ramification of the issue. I would end the QM and allow the suggested access and restart. It might work without the stop/start but ending the QM is unpainful one would hope.

Hope that helps!

John.
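
The following added example, which is not part of the thread, decodes the rsyslog-escaped message quoted in the question (`#012` is an escaped newline) and extracts the executable, permission, object class and label, so the denial can be confirmed as a `drbdsetup` access against the `drbd_t` label. The function names are illustrative, and `SAMPLE` is a shortened copy of the quoted message.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is a shortened copy of the
# message quoted in the question; function names are illustrative.

SAMPLE='SELinux is preventing /usr/sbin/drbdsetup from getattr access on the netlink_generic_socket labeled drbd_t.#012#012If you believe that drbdsetup should be allowed getattr access on netlink_generic_socket labeled drbd_t by default.#012Then you should report this as a bug.'

# rsyslog escapes control characters as #NNN (octal), so #012 is a newline.
decode_syslog() {
    awk '{ gsub(/#012/, "\n"); print }'
}

# Print "<executable> <permission> <object class> <label>" for messages of
# the form "... access on the <class> labeled <type>". Other message forms
# (for example those naming a file path instead of a label) print nothing.
parse_denial() {
    sed -n -E 's/.*SELinux is preventing ([^ ]+) from ([^ ]+) access on the ([^ ]+) labeled ([A-Za-z0-9_]+).*/\1 \2 \3 \4/p' | head -n 1
}

# Succeed only when the denial on stdin names drbdsetup and the drbd_t label.
is_drbd_denial() {
    case "$(parse_denial)" in
        */drbdsetup\ *\ drbd_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Readable form of the message, then the extracted fields.
printf '%s\n' "$SAMPLE" | decode_syslog
printf '%s\n' "$SAMPLE" | parse_denial
```
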