cf-runagent fails with "EXEC denied due to ACL for file: /usr/bin/dash" #4450

Answered by amousset
craigcomstock asked this question in Q&A
Let's have a closer look here (disclaimer: I'm not very familiar with masterfiles). The command that runs when triggered by cf-runagent is cfruncommand defined in body server control:

(in controls/cf-serverd.cf)

        cfruncommand => "$(def.cf_runagent_shell) -c \'
                           $(sys.cf_agent) -I -D cf_runagent_initiated -f $(sys.update_policy_path)  ;
                           $(sys.cf_agent) -I -D cf_runagent_initiated";

so def.cf_runagent_shell is where /usr/bin/dash comes from.

We also see that the command handles both policy update and agent execution, so no need for two cf-runagent commands. Furthermore, the -f flag in cf-runagent does not select a remote file but …

Answer selected by craigcomstock