Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux prevents tacticalagent from starting after agent upgrade #1239

Closed
1 of 2 tasks
joeldeteves opened this issue Aug 8, 2022 · 2 comments
Closed
1 of 2 tasks

SELinux prevents tacticalagent from starting after agent upgrade #1239

joeldeteves opened this issue Aug 8, 2022 · 2 comments

Comments

@joeldeteves
Copy link
Contributor

Server Info (please complete the following information):

  • OS: Ubuntu 20.04
  • Browser: N/A
  • RMM Version (as shown in top left of web UI): 0.14.5

Installation Method:

  • Standard
  • Docker

Agent Info (please complete the following information):

  • Agent version (as shown in the 'Summary' tab of the agent from web UI): 2.1.1
  • Agent OS: Rocky Linux 8.5

Describe the bug
Every time the agent is upgraded on an SELinux based distro, the agent fails to start with the following error:

Aug 08 18:27:22 nfs01 systemd[3427494]: tacticalagent.service: Failed to execute command: Permission denied
Aug 08 18:27:22 nfs01 systemd[3427494]: tacticalagent.service: Failed at step EXEC spawning /usr/local/bin/tacticalagent: Permission denied
-- Subject: Process /usr/local/bin/tacticalagent could not be executed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The process /usr/local/bin/tacticalagent could not be executed and failed.
--
-- The error number returned by this process is 13.
Aug 08 18:27:22 nfs01 systemd[1]: tacticalagent.service: Main process exited, code=exited, status=203/EXEC
Aug 08 18:27:22 nfs01 systemd[1]: tacticalagent.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit tacticalagent.service has entered the 'failed' state with result 'exit-code'.

To Reproduce
Steps to reproduce the behavior:

  1. Install agent on an RPM-based distro that uses SELinux
  2. Upgrade the agent to a newer version using the dashboard
  3. Agent fails to start due to permission error

Workaround
The issue happens because if the binary is moved using mv from another directory with different SELinux permissions, it will keep those permissions.

The workaround is to run the following command to repair the permission and start the agent:

restorecon -rv /usr/local/bin/tacticalagent
systemctl start tacticalagent

Expected behavior
The agent should have the correct permissions so it can start after upgrade

Additional context
See https://serverfault.com/questions/957084/failed-at-step-exec-spawning-permission-denied for more info
@wh1te909
Copy link
Member

wh1te909 commented Aug 8, 2022

Fix will be in next release but since I had to change code in the agent update function, you will need to manually update the agent to the next version to get it to a working state.

@joeldeteves
Copy link
Contributor Author

Thanks for the quick fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wh1te909 @joeldeteves