INC-2026-03-10: vault-backup.service SELinux Failure

Incident Summary

Field Value

Field	Value
Detected	2026-03-10 ~02:21 UTC (timer run)
Resolved	2026-03-10 15:33 UTC
Duration	~13 hours (overnight, fixed in morning)
Severity	P3 (Medium) - Backups failing, no data loss
Impact	Automated Vault backups to NAS not running
Root Cause	SELinux `rsync_t` domain cannot execute `ssh_exec_t` by default

Detected

2026-03-10 ~02:21 UTC (timer run)

Resolved

2026-03-10 15:33 UTC

Duration

~13 hours (overnight, fixed in morning)

Severity

P3 (Medium) - Backups failing, no data loss

Impact

Automated Vault backups to NAS not running

Root Cause

SELinux rsync_t domain cannot execute ssh_exec_t by default

Time (UTC) Event

Time (UTC)	Event
02:21	vault-backup.timer triggered, service failed with exit code 14
14:41	Investigation started during worklog review
15:19	Root cause identified: SELinux AVC denial
15:22	First fix attempt (audit2allow) - partial, new denial appeared
15:27	Second denial (`map`) - regenerated policy
15:29	Third denial (`search`, `read`) - decided on proper approach
15:32	Set rsync_t to permissive, ran service, captured ALL denials
15:33	Installed complete policy module, tested in enforcing mode - SUCCESS

02:21

vault-backup.timer triggered, service failed with exit code 14

14:41

Investigation started during worklog review

15:19

Root cause identified: SELinux AVC denial

15:22

First fix attempt (audit2allow) - partial, new denial appeared

15:27

Second denial (map) - regenerated policy

15:29

Third denial (search, read) - decided on proper approach

15:32

Set rsync_t to permissive, ran service, captured ALL denials

15:33

Installed complete policy module, tested in enforcing mode - SUCCESS