Adguardhome: Can't install service on Fedora 30
$ sudo ./AdGuardHome -s install
$ sudo ./AdGuardHome -s status
2019/05/17 16:58:00 [info] Service control action: status
2019/05/17 16:58:00 [fatal] failed to get service status: the service is not installed
localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=AdGuardHome comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
localhost audit[19480]: AVC avc: denied { create } for pid=19480 comm="(uardHome)" name="AdGuardHome.out" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
localhost systemd[19480]: AdGuardHome.service: Failed to set up standard output: Permission denied
localhost systemd[19480]: AdGuardHome.service: Failed at step STDOUT spawning AdGuardHome: Permission denied
localhost systemd[1]: AdGuardHome.service: Main process exited, code=exited, status=209/STDOUT
localhost systemd[1]: AdGuardHome.service: Failed with result 'exit-code'.
...
SELinux is preventing (uardHome) from create access on the file AdGuardHome.out.
...
Raw Audit Messages
type=AVC msg=audit(1558101329.83:2701): avc: denied { create } for pid=8210 comm="(uardHome)" name="AdGuardHome.out" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
Hash: (uardHome),init_t,var_log_t,file,create
szolin
All 5 comments
This might be helpful:
https://github.com/AdguardTeam/AdGuardHome/issues/816
ameshkov
on 7 Jun 2019
I can't reproduce it anymore
szolin
on 4 Jul 2019
@ameshkov I have had this same problem, and I solved it as follows (just commenting here to help other people with same issue):
I'm running Fedora 33 in a Raspberry Pi 3 Model B.
# uname -a
Linux pidora 5.9.16-200.fc33.aarch64 #1 SMP Mon Dec 21 13:55:00 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux
After installing the AdGuard binary, I got this problem when check status:
# ./AdGuardHome -s status
2020/12/29 20:11:54 [info] Service control action: status
2020/12/29 20:11:54 [fatal] failed to get service status: the service is not installed
The logs from the systemd service are like this:
Started AdGuard Home: Network-level blocker.
Dec 29 19:56:56 pidora systemd[922]: AdGuardHome.service: Failed to execute command: Permission denied
Dec 29 19:56:56 pidora systemd[922]: AdGuardHome.service: Failed at step EXEC spawning /root/AdGuardHome/AdGuardHome: Permission denied
Dec 29 19:56:56 pidora systemd[1]: AdGuardHome.service: Main process exited, code=exited, status=203/EXEC
Dec 29 19:56:56 pidora systemd[1]: AdGuardHome.service: Failed with result 'exit-code'.
I think that the error is related to SELinux being activated and the binary does not have the correct security context to run.
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
How I fixed this?
I moved the AdGuard binary to the /usr/local/bin directory and executed the next command to change the security context of the file:
# chcon -t bin_t /usr/local/bin/AdGuardHome
Now the binary can run without problems. Just add firewall rules in order to make it reachable through the network and that's all.
# firewall-cmd --new-zone=adguard --permanent
# firewall-cmd --zone=adguard --add-source=192.168.0.14/24 --permanent
# firewall-cmd --zone=adguard --add-port=3000/tcp --permanent
# firewall-cmd --zone=adguard --add-port=53/udp --permanent
# firewall-cmd --zone=adguard --add-port=80/tcp --permanent
# firewall-cmd --reload
Cheers!! :smiley: :christmas_tree: :santa:
fooock
on 29 Dec 2020
@ainar-g should we maybe add this info to FAQ?
ameshkov
on 30 Dec 2020
ainar-g
on 30 Dec 2020
Related issues
ammnt
路
3Comments
Iconology
路
3Comments
hl2guide
路
3Comments
sosp
路
3Comments
snhv
路
3Comments