Running SharePlex with fapolicyd active will result in "Operation not permitted"
説明
When running SharePlex on a Linux OS with fapolicyd enabled, trying to start SharePlex will show the following message:
./sp_cop -u splex &
-bash: ./sp_cop: Operation not permitted
原因
The fapolicy is a software used to restrict access and execution of files. It uses a set of rules and trust files to determine which application can be run. By default, it restricts all application not installed with the yum/dnf to be run.
The default policy in /etc/fapolicyd/rules.d/90-deny-execute.rules will prevent any application not listed as trusted to run.
対策
You will need to set SharePlex executables as trusted or create a rule to permit execution of SharePlex binaries in fapolicyd. This should include the bin, util, install and .app-modules directories.
To add the whole SharePlex prod dir:
fapolicyd-cli --file add=<SharePlex prod dir path> --trust-file <trust filename>
The <SharePlex prod dir path> is the complete path for the SharePlex prod dir. The <trust filename> is the name of the trust file that will be created in /etc/fapolicyd/trust.d. If you specify an existing filename, it will add the rules to that file. If no filename is specified, it will be added to the default trust file located in /etc/fapolicyd/ directory.
