Can't install service on Fedora 30

[szolin]

$ sudo ./AdGuardHome -s install
$ sudo ./AdGuardHome -s status
2019/05/17 16:58:00 [info] Service control action: status
2019/05/17 16:58:00 [fatal] failed to get service status: the service is not installed

localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=AdGuardHome comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
localhost audit[19480]: AVC avc:  denied  { create } for  pid=19480 comm="(uardHome)" name="AdGuardHome.out" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
localhost systemd[19480]: AdGuardHome.service: Failed to set up standard output: Permission denied
localhost systemd[19480]: AdGuardHome.service: Failed at step STDOUT spawning AdGuardHome: Permission denied
localhost systemd[1]: AdGuardHome.service: Main process exited, code=exited, status=209/STDOUT
localhost systemd[1]: AdGuardHome.service: Failed with result 'exit-code'.

...
SELinux is preventing (uardHome) from create access on the file AdGuardHome.out.
...

Raw Audit Messages
type=AVC msg=audit(1558101329.83:2701): avc:  denied  { create } for  pid=8210 comm="(uardHome)" name="AdGuardHome.out" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0


Hash: (uardHome),init_t,var_log_t,file,create

[ameshkov]

This might be helpful:
#816

[szolin]

I can't reproduce it anymore

[fooock]

@ameshkov I have had this same problem, and I solved it as follows (just commenting here to help other people with same issue):

I'm running Fedora 33 in a Raspberry Pi 3 Model B.

# uname -a
Linux pidora 5.9.16-200.fc33.aarch64 #1 SMP Mon Dec 21 13:55:00 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux

After installing the AdGuard binary, I got this problem when check status:

# ./AdGuardHome -s status
2020/12/29 20:11:54 [info] Service control action: status
2020/12/29 20:11:54 [fatal] failed to get service status: the service is not installed

The logs from the systemd service are like this:

Started AdGuard Home: Network-level blocker.
Dec 29 19:56:56 pidora systemd[922]: AdGuardHome.service: Failed to execute command: Permission denied
Dec 29 19:56:56 pidora systemd[922]: AdGuardHome.service: Failed at step EXEC spawning /root/AdGuardHome/AdGuardHome: Permission denied
Dec 29 19:56:56 pidora systemd[1]: AdGuardHome.service: Main process exited, code=exited, status=203/EXEC
Dec 29 19:56:56 pidora systemd[1]: AdGuardHome.service: Failed with result 'exit-code'.

I think that the error is related to SELinux being activated and the binary does not have the correct security context to run.

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

How I fixed this?

I moved the AdGuard binary to the /usr/local/bin directory and executed the next command to change the security context of the file:

# chcon -t bin_t /usr/local/bin/AdGuardHome

Now the binary can run without problems. Just add firewall rules in order to make it reachable through the network and that's all.

# firewall-cmd --new-zone=adguard --permanent
# firewall-cmd --zone=adguard --add-source=192.168.0.14/24 --permanent
# firewall-cmd --zone=adguard --add-port=3000/tcp --permanent
# firewall-cmd --zone=adguard --add-port=53/udp --permanent
# firewall-cmd --zone=adguard --add-port=80/tcp --permanent
# firewall-cmd --reload

Cheers!! 😃 🎄 🎅

[ameshkov]

@ainar-g should we maybe add this info to FAQ?

[ainar-g]

https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#fedora