sudo systemctl stop fapolicyd

# https://www.mankier.com/8/fapolicyd
# ...
# --debug-deny
# leave the daemon in the foreground for debugging. Event information is written to stderr only when the decision is to deny access.

sudo /usr/sbin/fapolicyd --debug-deny

Loaded 16 rules
Changed to uid 990
Initializing the database
fapolicyd integrity is 0
backend rpmdb registered
backend file registered
Loading rpmdb backend
Loading file backend
Checking database
Importing data from rpmdb backend
Importing data from file backend
Entries in DB: 28117
Loaded from all backends(without duplicates): 28117
Database checks OK
added /dev/shm mount point
added / mount point
added /var mount point
added /boot mount point
added /tmp mount point
added /data mount point
added /run/user/1000 mount point
Starting to listen for events
rule=15 dec=deny_audit perm=execute auid=-1 pid=2302 exe=/usr/local/omk/bin/opha-cli.exe : path=/tmp/par-726f6f74/cache-00548e237c0c0fdd9581d8236e7b57e47c9024b4/opha-cli.pl ftype=application/x-executable
rule=15 dec=deny_audit perm=execute auid=-1 pid=2303 exe=/usr/local/omk/bin/opreports-scheduler.exe : path=/tmp/par-726f6f74/cache-815c07b0877113fa7553963226f8855aa1160121/opreports-scheduler.exe ftype=application/x-executable
rule=15 dec=deny_audit perm=execute auid=-1 pid=2306 exe=/usr/local/omk/bin/opha-cli.exe : path=/tmp/par-726f6f74/cache-00548e237c0c0fdd9581d8236e7b57e47c9024b4/opha-cli.pl ftype=application/x-executable
rule=15 dec=deny_audit perm=execute auid=-1 pid=2542 exe=/usr/local/omk/bin/baseline.exe : path=/tmp/par-726f6f74/cache-62f960e7d5fb11c6bcbb34fba76fe5030b04477c/baseline.exe ftype=application/x-executable
rule=15 dec=deny_audit perm=execute auid=-1 pid=2695 exe=/usr/local/omk/bin/opreports-scheduler.exe : path=/tmp/par-726f6f74/cache-815c07b0877113fa7553963226f8855aa1160121/opreports-scheduler.exe ftype=application/x-executable
...
...

# When finished debugging, press CTRL+C to kill this foreground fapolicyd process:
^C shutting down...
Inter-thread max queue depth 11
Allowed accesses: 1029504
Denied accesses: 108
Database max pages: 10240
Database pages in use: 1631 (15%)
Subject cache size: 1549
Subject slots in use: 1466 (94%)
Subject hits: 1028146
Subject misses: 4307
Subject evictions: 2841 (0%)
Object cache size: 8191
Object slots in use: 8191 (100%)
Object hits: 1021421
Object misses: 229282
Object evictions: 221091 (21%)

# foreground fapolicyd process is now killed -
I traced the above few issues returned while debugging to cron jobs not reading /etc/environment and therefore not picking up the environment variable PAR_GLOBAL_TMPDIR.

I prepended 'touch /etc/environment && . /etc/environment ' to each cron job and the issues then did not occur - for example:
    */5 * * * *   root	/usr/local/omk/bin/opreports-scheduler.exe
was changed to:
    */5 * * * *   root	touch /etc/environment && . /etc/environment /usr/local/omk/bin/opreports-scheduler.exe
 

# restart the fapolicyd service when debugging is finished:
sudo systemctl start fapolicyd
