XCOM "Could not open CAOPENSSL crypto shared library" (fapolicyd)

Article ID: 272511

Products

XCOM Data Transport
XCOM Data Transport - Linux PC

Issue/Introduction

After installing XCOM for Linux 12.0, a secure/SSL loopback transfer test fails with the following errors:

Could not open CAOPENSSL crypto shared library, errno is 0, errmsg is /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/lib/libcaopenssl_crypto.so: cannot open shared object file: Operation not permitted
Could not open CAOPENSSL crypto shared library, errno is 0, errmsg is /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/lib/libcaopenssl_crypto.so: cannot open shared object file: Operation not permitted
2023/08/29 04:43:33 TID=000006
    #XCOMU0298E Unable to allocate remote transaction program: Txpi  701: Received remote data block at 0X7FFC45AAFE50 starting with invalid EyeCatcher 0X436F756C (Could not open C); expected 0x98765432.

Cause

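The RHEL 8 File Access Policy Daemon (fapolicyd) had been installed and was running (see "Stop unauthorized applications with RHEL 8's File Access Policy Daemon"). The CAPKI library directory was not in its trust list, so the attempt to open libcaopenssl_crypto.so was denied with "Operation not permitted".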

Resolution

To enable secure transfers:
Add the CAPKIHOME directory to the fapolicyd trusted list:
fapolicyd-cli --file add /opt/CA/SharedComponents/CAPKI/CAPKI5/ --trust-file myapp
Update the fapolicyd database:
fapolicyd-cli --update

To verify that it was added successfully:
fapolicyd-cli -D | grep -i CAPKI
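
The check above can be tied back to the failing library path. The following is an added example, not vendor or Red Hat code: it pulls the library paths that failed with "Operation not permitted" out of log text and reports whether each has an entry in trust-database dump text. The function names, the sample dump line and the assumed dump layout ("<source> <path> <size> <sha256>") are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not vendor code): map "Operation not permitted" library-load
# errors to their trust status in fapolicyd trust-database dump text.

# Constructed sample: the error line quoted in this article.
SAMPLE_LOG='Could not open CAOPENSSL crypto shared library, errno is 0, errmsg is /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/lib/libcaopenssl_crypto.so: cannot open shared object file: Operation not permitted'

# Constructed sample of dump text. Assumed line layout:
# "<source> <path> <size> <sha256>"; the size and hash are placeholders.
SAMPLE_DUMP='filedb /opt/CA/SharedComponents/CAPKI/CAPKI5/Linux/amd64/64/lib/libcaopenssl_crypto.so 1000 0000000000000000000000000000000000000000000000000000000000000000'

# stdin: log text. stdout: distinct library paths whose load failed with
# "Operation not permitted" (a denial), not with a missing-file error.
denied_libs() {
    sed -n 's|.*errmsg is \(/[^:]*\): cannot open shared object file: Operation not permitted.*|\1|p' | sort -u
}

# stdin: dump text. $1: absolute path. Exit status 0 if the path has an entry.
is_trusted() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# $1: log text, $2: dump text. Prints "trusted <path>" or "untrusted <path>"
# for every denied library found in the log.
triage() {
    printf '%s\n' "$1" | denied_libs | while IFS= read -r lib; do
        if printf '%s\n' "$2" | is_trusted "$lib"; then
            echo "trusted $lib"
        else
            echo "untrusted $lib"
        fi
    done
}

# Run against the constructed samples; on a real host pass the XCOM log text
# and the output of "fapolicyd-cli -D" instead.
triage "$SAMPLE_LOG" "$SAMPLE_DUMP"
```

An "untrusted" result means the path has no entry in the dump, which is the condition the Resolution steps correct.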

Additional Information

Red Hat Enterprise Linux > 8 > Security hardening > Chapter 14. Blocking and allowing applications using fapolicyd