Summary
You have a Mattermost deployment that you're seeing operation not permitted
in the logs and are running a RHEL based deployment.
Troubleshooting
1. Stop `fapolicyd`
sudo systemctl stop fapolicyd
2. Test your issue with Mattermost right now. Was it fixed? Then continue onward.
3. Run the debug command
sudo fapolicyd --debug
4. Look for any denies, they will look like the below.
rule=15 dec=deny_audit perm=execute auid=-1 pid=19735 exe=/opt/mattermost/bin/mattermost : path=/opt/mattermost/plugins/focalboard/server/dist/plugin-linux-amd64 ftype=application/x-executable trust=0
Fix
You need to have Mattermost permitted within fapolicyd, follow the steps below for this.
1. Create a rule file The naming convention for your rule is **really** important here. It must come before the rule that's denying Mattermost. If you're using a stock fapolicyd
then 80
works fine. You can check the deny rule with the troubleshooting steps.
sudo touch /etc/fapolicyd/rules.d/80-mattermost.rules
2. Add the permissions into to the rule file.
sudo vi /etc/fapolicyd/rules.d/80-mattermost.rules
Rule File:
allow perm=execute exe=/user/bin/sudo trust=1 : dir=/opt/mattermost/ all trust=0 allow perm=execute exe=/opt/mattermost/bin/mattermost : dir=/opt/mattermost all trust=0 allow perm=execute exe=/user/lib/systemd/systemd trust=1 : dir=/opt/mattermost/ all trust=0
3. Check the rules will be applied, This command should say `Ruels have changed and should be updated`
sudo fagenrules --check
4. Update the rules
sudo fagenrules --load
5. Now restart mattermost.
Comments
Article is closed for comments.