• Recent
    • Tags
    • Popular
    • Register
    • Login

    Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

    Radix IoT Website Mango 4 Documentation Website Mango 5 Documentation Website Radix IoT LinkedIn

    SElinux modification required for mango bin/ scripts

    Scheduled Pinned Locked Moved Mango feedback
    1 Posts 1 Posters 1.1k Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • cbyrneC Offline
      cbyrne
      last edited by cbyrne

      Just something I noticed while doing a new test install of v4.

      If SElinux is enabled, the bash scripts in the mango bin directory need a small modification to their type otherwise mango.service will fail with

      mango.service: Failed at step EXEC spawning /opt/mango/bin/start-mango.sh: Permission denied

      To check a file's SElinux type, pass the -Z flag to ls.

      ls -Z /opt/mango/bin/
unconfined_u:object_r:user_home_t:s0 certbot-deploy.sh*  
unconfined_u:object_r:user_home_t:s0 mango.cmd
unconfined_u:object_r:user_home_t:s0 start-options.sh*
unconfined_u:object_r:user_home_t:s0 genkey.sh*
unconfined_u:object_r:user_home_t:s0 mango.service
unconfined_u:object_r:user_home_t:s0 stop-mango.sh*
unconfined_u:object_r:user_home_t:s0 getenv.sh*
unconfined_u:object_r:user_home_t:s0 mango.xml
unconfined_u:object_r:user_home_t:s0 install-mango.sh*
unconfined_u:object_r:user_home_t:s0 start-mango.sh*

      In order to be run from a systemd service, the scripts need to be of type bin_t. Their type can be changed using chcon.

      sudo chcon -t bin_t /opt/mango/bin/*.sh

      Now the files are of the correct SElinux type and mango.service will run as expected.

      ls -Z /opt/mango/bin/
unconfined_u:object_r:bin_t:s0 certbot-deploy.sh*
unconfined_u:object_r:user_home_t:s0 mango.cmd
unconfined_u:object_r:bin_t:s0 start-options.sh*
unconfined_u:object_r:bin_t:s0 genkey.sh*
unconfined_u:object_r:user_home_t:s0 mango.service
unconfined_u:object_r:bin_t:s0 stop-mango.sh*
unconfined_u:object_r:bin_t:s0 getenv.sh*
unconfined_u:object_r:user_home_t:s0 mango.xml
unconfined_u:object_r:bin_t:s0 install-mango.sh*
unconfined_u:object_r:bin_t:s0 start-mango.sh*

      Might be helpful info to add to the linux documentation.

      Software Developer for GLAS Energy Technology, Ireland

      1 Reply Last reply Reply Quote 1

      Hello! It looks like you're interested in this conversation, but you don't have an account yet.

      Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

      With your input, this post could be even better 💗

      Register Login
      • First post
        Last post