The customer has chosen to use a non-standard partition for DLP. They have created symbolic links so that DLP works correctly, but indexing (EDM/IDM) does not work.
SEVERE [com.vontu.manager.struts.ProtectActionProcessor] access denied ("java.io.FilePermission" "<path>/datafiles/upload_temp" "write")
Cause:
java.security.AccessControlException: access denied ("java.io.FilePermission" "<path>/datafiles/upload_temp" "write")
SEVERE [com.vontu.profiles.manager.database.DataSourceIndexCreator] Unexpected exception while creating EVENT_PARAMETER_I18NKEY##profiles.message.Exact_Data_Profile_Version##<EDM Name>##<version>
Cause:
java.security.AccessControlException: access denied ("java.io.FilePermission" "<path>/index/DataSource.x.x.idx" "delete")
SEVERE [com.vontu.profiles.manager.database.DataSourceIndexCreator] Unexpected error occurred while creating EVENT_PARAMETER_I18NKEY##profiles.message.Exact_Data_Profile_Version##5##1. access denied ("java.io.FilePermission" "<path>/index/DataSource.x.x.idx" "delete")
Even though symbolic links have been created and DLP is functioning fine, the underlying Java architecture cannot follow symbolic links for file/directory operations (such as write or delete). This can be proven by creating the expected folder structure, putting the source files in place, and attempting an index again (it will succeed). The fix has two parts: first we need to tell DLP where to look for index data, then we need to tell Java it has the needed permissions.
In order to index in a non-standard partition/directory setup we need to modify the manager.policy file as well as the Protect.properties file.
manager.policy
We will need to give Java permission to operate in the new folder. To do this, find the two entries for:
permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
Copy this line and paste it immediately below the original. In the copy, replace "/var/SymantecDLP" with the path of the new partition. Do this for both entries. Example:
permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
permission java.io.FilePermission "/data/SymantecRULES${/}-", "read,write,delete";
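Make sure to keep the ${/}- at the end of the path: ${/} is the file separator and the trailing - makes the permission apply to everything below that directory.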
Save and close the file.
Protect.properties
Modify the following entry:
# location of the EDM and IDM RAM index files (.rdx)
com.vontu.index.dir = /var/SymantecDLP/index
Change it to:
com.vontu.index.dir = /path/to/new/partition
Best practice is to create a backup. The easiest way is to copy and paste the line, comment out the original, and modify the copy. Example:
#com.vontu.index.dir = /var/SymantecDLP/index
com.vontu.index.dir = /data/SymantecRULES/index
Save and close the file.
Restart VontuManager and VontuMonitorController services.
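To confirm both edits agree before restarting, the check below (an added example, not part of the original article or of Symantec DLP) reads com.vontu.index.dir from Protect.properties, resolves any symbolic links in it, and reports which of read/write/delete no recursive FilePermission grant in manager.policy covers. It assumes grant paths are compared as written in the policy file; the function names and the sample input are constructed for illustration.

```python
import os
import re

# Matches: permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
GRANT_RE = re.compile(
    r'permission\s+java\.io\.FilePermission\s+"([^"]+)"\s*,\s*"([^"]+)"\s*;')

def index_dir(properties_text):
    """Return the active (uncommented) com.vontu.index.dir value."""
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "com.vontu.index.dir":
            return value.strip()
    raise ValueError("com.vontu.index.dir is not set")

def recursive_grants(policy_text):
    """Yield (directory, actions) for each recursive ("dir${/}-") grant."""
    for line in policy_text.splitlines():
        m = GRANT_RE.search(line)
        if not m or line.lstrip().startswith("//"):
            continue  # not a FilePermission grant, or commented out
        target = m.group(1).replace("${/}", os.sep)
        if target.endswith(os.sep + "-"):
            yield target[:-2], {a.strip() for a in m.group(2).split(",")}

def missing_actions(policy_text, properties_text,
                    needed=("read", "write", "delete")):
    """Return the needed actions not granted on the symlink-resolved index dir."""
    real = os.path.realpath(index_dir(properties_text))
    granted = set()
    for directory, actions in recursive_grants(policy_text):
        # "dir/-" covers everything below dir, not dir itself.
        if real.startswith(directory.rstrip(os.sep) + os.sep):
            granted |= actions
    return sorted(set(needed) - granted)

if __name__ == "__main__":
    # Constructed sample input, using the example paths from the article.
    props = ("#com.vontu.index.dir = /var/SymantecDLP/index\n"
             "com.vontu.index.dir = /data/SymantecRULES/index\n")
    policy = ('permission java.io.FilePermission '
              '"/var/SymantecDLP${/}-", "read,write,delete";\n')
    print("missing before edit:", missing_actions(policy, props))
    policy += ('permission java.io.FilePermission '
               '"/data/SymantecRULES${/}-", "read,write,delete";\n')
    print("missing after edit:", missing_actions(policy, props))
```

An empty list means the resolved index directory is covered; any action listed is one the AccessControlException in the log would name.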