selang command "er FILE <resource name with asterisk>" returns an error, ERROR: Failed to create FILE

Document ID : KB000012072
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Following selang command returns an error.

AC> er FILE /usr2/pbloggz/lmwp22/* defacc(N) audit(F) owner(root)

 

ERROR: Failed to create FILE /usr2/pbloggz/lmwp22/*

File creation error in index system

 

Why does this selang command return the error?

Environment:
CA Privileged Identity Manager: 12.8 GA Unix EndpointOS: Redhat Linux 6.7 x64
Answer:

When trying to create Generic File rules (resource name includes asterisk) more than the number specified by token max_generic_file_rules in seos.ini, then this error message is output from selang.

To avoid this error, please increase the value of this token as below, or review whole FILE rules and decrease the number of Generic FILE rules.

# secons -s          # stop Privileged Identity Manager

# seini -f SEOS_syscall.max_generic_file_rules          # check current value

# seini -s SEOS_syscall.max_generic_file_rules 320   # expand the balue

# seload