Verifying that a Guarded Directory Can be Rekeyed with dataxform
The dataxform --rekey_supported --gp <guard point path>
command verifies that the specified GuardPoint is being guarded with a valid data transformation policy and is ready to be rekeyed with dataxform.
In the following example, the GuardPoint has a rekey policy:
# dataxform --rekey_supported --gp /opt/apps/dx2
Checking if data transform is supported for guard point
/opt/apps/dx2
Data transformation is supported on /opt/apps/dx2
In the following example, the GuardPoint has a standard policy and therefore cannot be rekeyed with dataxform
.
# dataxform --rekey_supported --gp /opt/apps/apps1/doc<br>
Checking if data transform is supported for guard point<br>
/opt/apps/apps1/doc<br>
The kernel component doesn't support data transform on /opt/apps/apps1/doc
Verify this is a guard point with valid data transformation policy, and check the system log files for any other problems. It may be due to one or more of following reasons; 1.policy has no valid key rule(s), and/or 2. policy has no key_op rule, and/or 3. policy has valid permit rule(s), and/or 4. policy rule that contains key_op in the action field also specifies other actions.
You can also get the message "not a guard point or there is no data transformation rule
" when an administrator is inside the GuardPoint or accessing files in the GuardPoint. Check that no one is in the GuardPoint and that a rekey policy is applied to the GuardPoint. If a GuardPoint does not qualify for rekeying, check that a key is configured in the Data Transformation Rules tab of the assigned policy in the Management Console.