Linux Patch Notes for CTE v7.8.0
CTE version | Date | Release Note version |
---|---|---|
v7.8.0.88 | 2025-06-17 | v1 |
v7.8.0.88 | 2025-08-29 | v2 |
Resolved Issues
-
AGT-64653: LDT with automount enabled does not work with
systemd automount
AFFECTED VERSIONS: 7.8.0.79
Automount was previously not supported with CTE. As of this release, CTE now supports automount with systemd.
-
AGT-64875: CTE Linux agent is not being registered with RWP on CipherTrust Data Security Platform Services
AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79
This has been fixed. Ransomware Protection support has been added to CipherTrust Data Security Platform Services.
-
AGT-65394: Extra data added to some files when renaming, during initial rekey on LDT NFS GP
AFFECTED VERSIONS: 7.8.0.79
Renaming files on secondary hosts of LDT GuardPoint Groups during rekey, may trigger single file level rekey operations on the renamed files. Execution of single file rekey during initial data transformation may incorrectly change the size of files smaller than 4K. This issue has been fixed.
-
AGT-65402: LDT with automount fails to guard when
autofs
is configured with direct mountAFFECTED VERSIONS: 7.8.0.79
Previously,
autofs
was not supported. CTE now supportsautofs
configured with direct mount. -
AGT-66185: Misleading error message when secondary attempt to access automount GuardPoint during single file rekey
AFFECTED VERSIONS: 7.8.0.79
Guarding an LDT automount NFS GuardPoint while a single file rekey operation is in progress on the primary client, resulted in an invalid GuardPoint status on the client that attempted to guard. This patch correctly sets the GuardPoint status on the client.
-
AGT-66216 [CS2141714]: Linux NAS setup with 3 nodes issues
AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79
The issue was caused by the notification to LDT if
umount
fails. The solution is that, regardless ofumount
success/failure, LDT is notified that the host must trigger election of a new primary for the GuardPoint. -
AGT-66295|AGT-66743: Directory within an autofs mount point fails to guard with
Ignored, AUTOFS but type is not automount
AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79
Guarding a directory within an
autofs
mount point directory is now supported. -
AGT-66366: User can create a directory inside the
vorm_ldtprivspace
AFFECTED VERSIONS: 7.8.0.79
Write access is supposed to be restricted to internal CTE binaries. The solution was to prevent any directory creation within the
vorm_ldtprivspace
. -
AGT-66424: The
setfacl
operation is not supported on a GuardPoint in RHEL 9.6AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79
There was a issue in setting access control lists for files and directories on a GuardPoint in RHEL 9.6. The issue has been fixed.
-
AGT-66457: [CS2135100]: Getting errors during agent installation when the host that didn't contain the SEManage package disabled SELinux
AFFECTED VERSIONS: 7.7.0.87 — 7.8.0.79
The user ran the
semanage
command even though the command was not present on the system. The solution checks for the presence of the SELinux related commands before running them. If they don't exist on the host, CTE does not run the commands. -
AGT-66484: Hardware Association Linux (HWSIG) value is not updating on the agent
AFFECTED VERSIONS: 7.8.0.79
The issue was caused by a setting in
registerhost
that setusing-hwsig:true
when it false. This has been fixed. -
AGT-66634: Deleting a directory using
rm -rf
creates aremove_file
FAM log instead of aremove_dir
logAFFECTED VERSIONS: 7.8.0.79
The issue was caused by an intercept that was logging FAM audit action as
remove_file
for all of the unlink operations for files or directories. The solution was to change CTE to appropriately log the action asremove_dir
in the FAM audit action for directory unlink. -
AGT-66720: Old primary with different automount GuardPoint path crashed on mutex_lock after rejoin during rekey
AFFECTED VERSIONS: 7.8.0.79
Promotion of a member of the LDT GuardPoint Group to primary role while the GuardPoint is mounted on different paths, resulted in failed rekey operations or system crash after the previous primary member guards and rejoins the LDT GuardPoint Group as a secondary member. The solution was to force LDT to update the MDS header during promotion of a member to primary role.
Known Issues
-
AGT-28604: Linux GlusterFS Trash Translate does not work if
.trashcan
directory is outside of GuardPointAFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.
Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.
-
AGT-62836: The command to get the vm process logs dumped the logs into
vorvmd
during the first association of a FAM policy with CTEAFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.
-
AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point
AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.
-
AGT-65138: Files corrupted after restored from backup version key into exclude clear key then rotate key
AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
Avoid restoring encrypted files, from a backup, into a directory which contains an LDT Exclusion key rule with clear_key. Although there is no issue with accessing such files after they are restored from a backup, those files will not be transformed to clear_key at the time of next rekey process across the GuardPoint. Consequently, the files appear to have been corrupted.
-
AGT-65631: COS | Internal server error observed if
awscli
is higher 2.23.0AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of
awscli
that is a previous version to v2.23.0. -
AGT-66297: No error message reported when accessing auto mount GuardPoint that's in "needs LDT recovery" state
AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
** Work-around**
Use
secfsd -status guard
to check the state of the GuardPoint prior to using it. An error message will be added in a future version. -
AGT-66365: Files marked for
lazy_rekey
, during the initial rekey, change torekey_error
during the next key rotationAFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
For files that are set to
clear key
withlazy_rekey
andrekey-status=none
, these files does not show attributes after unguarding the GuardPoint which means that the attributes were all internal for these files. -
AGT-66367: Secondary host does not trigger a single file rekey when clear_key files marked with lazy_rekey
AFFECTED VERSIONS: 7.8.0.79 | 7.8.0.88
When trying to generate
clear_key
files marked withlazy_rekey
after renaming files consecutively during the initial rekey, single file rekey is not triggered when secondary host accesses these files.