...
Code Block |
---|
sudo systemctl stop fapolicyd # https://www.mankier.com/8/fapolicyd # ... # --debug-deny # leave the daemon in the foreground for debugging. Event information is written to stderr only when the decision is to deny access. sudo /usr/sbin/fapolicyd --debug-deny Loaded 16 rules Changed to uid 990 Initializing the database fapolicyd integrity is 0 backend rpmdb registered backend file registered Loading rpmdb backend Loading file backend Checking database Importing data from rpmdb backend Importing data from file backend Entries in DB: 28117 Loaded from all backends(without duplicates): 28117 Database checks OK added /dev/shm mount point added / mount point added /var mount point added /boot mount point added /tmp mount point added /data mount point added /run/user/1000 mount point Starting to listen for events rule=15 dec=deny_audit perm=execute auid=-1 pid=2302 exe=/usr/local/omk/bin/opha-cli.exe : path=/tmp/par-726f6f74/cache-00548e237c0c0fdd9581d8236e7b57e47c9024b4/opha-cli.pl ftype=application/x-executable rule=15 dec=deny_audit perm=execute auid=-1 pid=2303 exe=/usr/local/omk/bin/opreports-scheduler.exe : path=/tmp/par-726f6f74/cache-815c07b0877113fa7553963226f8855aa1160121/opreports-scheduler.exe ftype=application/x-executable rule=15 dec=deny_audit perm=execute auid=-1 pid=2306 exe=/usr/local/omk/bin/opha-cli.exe : path=/tmp/par-726f6f74/cache-00548e237c0c0fdd9581d8236e7b57e47c9024b4/opha-cli.pl ftype=application/x-executable rule=15 dec=deny_audit perm=execute auid=-1 pid=2542 exe=/usr/local/omk/bin/baseline.exe : path=/tmp/par-726f6f74/cache-62f960e7d5fb11c6bcbb34fba76fe5030b04477c/baseline.exe ftype=application/x-executable rule=15 dec=deny_audit perm=execute auid=-1 pid=2695 exe=/usr/local/omk/bin/opreports-scheduler.exe : path=/tmp/par-726f6f74/cache-815c07b0877113fa7553963226f8855aa1160121/opreports-scheduler.exe ftype=application/x-executable ... ... # When finished debugging, press CTRL+C to kill this foreground fapolicyd process: ^C shutting down... # I traced the above few issues returned while debugging to cron jobs not reading /etc/environment # and therefore not picking up the environment variable PAR_GLOBAL_TMPDIR # Here is the solution to this issue: # # To ensure cron jobs cron jobs read /etc/environment and pick up the environment variable PAR_GLOBAL_TMPDIR, # prepend the following code to the command: export $(/usr/bin/xargs < /etc/environment)||:; # For example /etc/cron.d/opreports: # was # this cron schedule runs the opReports scheduler every 5 minutes # # m h dom month dow user command */5 * * * * root /usr/local/omk/bin/opreports-scheduler.exe # and becomes # this cron schedule runs the opReports scheduler every 5 minutes # # m h dom month dow user command */5 * * * * root export $(/usr/bin/xargs < /etc/environment)||:; /usr/local/omk/bin/opreports-scheduler.exe # restartRestart the fapolicyd service when debugging is finished: sudo systemctl start fapolicyd |
...