panic: readlink /proc/self/exe: permission denied

[busybit]

Issue Details

With AdGuard Home v0.107.6 I get the following error:

panic: readlink /proc/self/exe: permission denied

goroutine 1 [running]:
github.com/AdguardTeam/AdGuardHome/internal/home.initWorkingDir({0x0, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0, 0x0}, 0x0, {0x0, ...}, ...})
github.com/AdguardTeam/AdGuardHome/internal/home/home.go:587 +0x13c
github.com/AdguardTeam/AdGuardHome/internal/home.run({0x0, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0, 0x0}, 0x0, {0x0, ...}, ...}, ...)
github.com/AdguardTeam/AdGuardHome/internal/home/home.go:388 +0x60
github.com/AdguardTeam/AdGuardHome/internal/home.Main({0x1bff620, 0x1c1cb18})
github.com/AdguardTeam/AdGuardHome/internal/home/home.go:131 +0x128
main.main()
github.com/AdguardTeam/AdGuardHome/main.go:17 +0x28

Version v0.107.5 did not have this problem.

• Version of AdGuard Home server:
  • v0.107.6
• How did you install AdGuard Home:
  • TAR archive armv7
• How did you setup DNS configuration:
  • local unbound dns server
• CPU architecture:
  • armv7l
• Operating system and version:
  • Devuan GNU/Linux 4 (chimaera) (3.8.13.30) [Odroid U3]

[ainar-g]

Hello. Please fill out the full issue template, and in particular the OS and how you're running AdGuard Home. Thanks.

[jumpsmm7]

@busybit
Do you mind redownloading the adguardhome binary and trying from scratch? Also, which of the binaries are you using? I recommend trying armv5 if you have already tried armv7, sometimes it is a compatibility issue of the arch and go binaries. And sometimes errors are created from a corrupted download failure. Let us know if any of these work.

Here is a little more information used by the SH installer to support my suggestion.

To recap on my above recommendation. I recommend using the armv5 tar instead as I noticed you failed to use the armv7 tar.

[busybit]

The same happens with armv5 binary.

Google search "linux kernel readlink /proc/self permission denied

Looks to me like this is a problem with older Linux kernels. My Odroid is running:
Linux Odroid 3.8.13.30 #1 SMP PREEMPT Wed Oct 26 17:53:58 CEST 2016 armv7l

[jumpsmm7]

@busybit

That was my first thought as well when I checked the ol'Google, but I felt I would give it the benefit of doubt with the alternative first. How are you trying to run this? are you running it straight as a launch instance, or are you trying to service install it? You may be able to still run it with out service installing it, but this would require you to control the starting/stopping mechanism's of AdGuardHome.

I am able to run the armv5 under the conditions I have stated above on a kernel much older than the one your device uses:

Linux RT-AC56R-2948 2.6.36.4brcmarm #1 SMP PREEMPT Wed Sep 30 21:59:48 EDT 2020 armv7l ASUSWRT-Merlin

From the looks of it though, you may not even be able to simply "run" it because it appears your kernel is blocking the execution of programs which is probably a runtime restriction imposed by the developers of your specific setup.

[busybit]

I'm running it with "runit". The run script first does
setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome
to allow access to the privileged port 53 as normal user.
Then adguard is run with normal user rights through
exec chpst -u $USER $DAEMON

I can also run it manually

sudo setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome
/opt/AdGuardHome/AdGuardHome

That makes no difference

[jumpsmm7]

I'm running it with "runit". The run script first does setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome to allow access to the privileged port 53 as normal user. Then adguard is run with normal user rights through exec chpst -u $USER $DAEMON

I can also run it manually

sudo setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome /opt/AdGuardHome/AdGuardHome

That makes no difference

On my setup, before I am able to "run" adguardhome, I had to set the correct file permissions using chown.

looked something like this

chown 'replace with your OS system username':root AdGuardHome_directory/*

[jumpsmm7]

Particularly here is all the adjustments I have to make

to the .yaml file. fix the permissions using

chmod 644 /opt/AdGuardHome/AdGuardHome.yaml (adjust to match your setup).
chown 'replace with your OS system username':root AdGuardHome_directory/* (adjust to match your username and your adguardhome directory path).
make sure all your executables are set with the right executable permissions with
chmod 755 (this would be the adguardhome binary specifically and any user scripts you use to launch adguardhome).

As a last measure, I manually run adguardhome checkconfig.

$PATH_to_Adguardhome_binary --check-config -c "path to adguardhome.yaml" --no-check-update

[busybit]

The permissions are all ok. I'm running the same adguard binary on two Odroids, one Odroid C2 running kernel
Linux Odroid2 3.16.85+ #1 SMP PREEMPT Tue Jun 30 19:02:35 CEST 2020 aarch64

and one Odroid U3 running kernel
Linux Odroid 3.8.13.30 #1 SMP PREEMPT Wed Oct 26 17:53:58 CEST 2016 armv7l

Both systems use the same Devuan OS, configured identical (the U3 only used as backup)

Until version v0.107.5 the armv7 binary was running fine on both. v0.107.6 only runs on the newer Odroid C2 (same binary!). So the question ist: what changed from v0.107.5 to v0.107.6?

[jumpsmm7]

The permissions are all ok. I'm running the same adguard binary on two Odroids, one Odroid C2 running kernel Linux Odroid2 3.16.85+ #1 SMP PREEMPT Tue Jun 30 19:02:35 CEST 2020 aarch64

and one Odroid U3 running kernel Linux Odroid 3.8.13.30 #1 SMP PREEMPT Wed Oct 26 17:53:58 CEST 2016 armv7l

Both systems use the same Devuan OS, configured identical (the U3 only used as backup)

Until version v0.107.5 the armv7 binary was running fine on both. v0.107.6 only runs on the newer Odroid C2 (same binary!). So the question ist: what changed from v0.107.5 to v0.107.6?

Try the edge binary version on your arm7 kernel device. See if it makes any difference.

I think the main difference between the previous version, and this new version is that the go binaries version was updated as well. Maybe a change in the go version itself used in compiling has impacted the compatibility with your armv7 kernel.

Full Changelog

See also the v0.107.6 GitHub milestone.

Security User-Agent HTTP header removed from outgoing DNS-over-HTTPS requests.Go version was updated to prevent the possibility of exploiting the CVE-2022-24675, CVE-2022-27536, and CVE-2022-28327 vulnerabilities.
Added Support for SVCB/HTTPS parameter dohpath in filtering rules with the dnsrewrite modifier according to the RFC draft (#4463 rules with the dnsrewrite modifier that create SVCB or HTTPS responses should use ech instead of echconfig to conform with the latest drafts.
Deprecated SVCB/HTTPS parameter name echconfig in filtering rules with the dnsrewrite modifier. Use ech instead. v0.109.0 will remove support for the outdated name echconfig.Obsolete --no-mem-optimization option (#4437). v0.109.0 will remove the flag completely.Fixed

I/O timeout errors when checking for the presence of another DHCP server.

Network interfaces being incorrectly labeled as down during installation.

Rules for blocking the QQ service (#3717).

Removed Go 1.16 support, since that branch of the Go compiler has reached end of life and doesn't receive security updates anymore.

[busybit]

Same problem with the edge version.

[jumpsmm7]

Same problem with the edge version.

So then it has to be the changes in the Go. To me, that is the only thing that could explain why it went from being able to work on your setup, to not being able to work on it with the new version change. Unless something inadvertently broke on your system.

[ainar-g]

@busybit, which directory did you install AdGuard Home into? It looks a bit like the error our macOS users would get whenever they tried to install it outside if /Applications, so perhaps Devuan on Pis has a similar mechanism?

Also, just to be clear, you're not running it in Docker, right?

[busybit]

It is installed in /opt/adguard. It's not running in Docker.