drata / drata-agent

Apache License 2.0

Drata Agent not Working in Ubuntu 24.04 #20

Open ricardo-trustle opened 2 months ago

ricardo-trustle commented 2 months ago

More details:

❯ drata-agent       
LaunchProcess: failed to execvp:
/opt/Drata
[96799:0504/195446.344473:FATAL:zygote_host_impl_linux.cc(201)] Check failed: . : Invalid argument (22)
[1]    96799 trace trap (core dumped)  drata-agent

❯ uname -a         
Linux ric-HP-Z440 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

The only way I have found to launch it is with the option --no-sandbox:

❯ drata-agent --no-sandbox                   
Checking for beta autoupdate feature for deb/rpm distributions
Found package-type: deb

ricardo-trustle commented 2 months ago

The drata-agent appears to work if I run this before:

❯ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

❯ drata-agent             
Checking for beta autoupdate feature for deb/rpm distributions
Found package-type: deb

slarek commented 2 months ago

I have the same issue with Ubuntu 24.04. The drata-agent does not start unless I run the command cited above.

MDziwny commented 1 month ago

We are facing the same issue with Ubuntu 24.04. It's quite problematic with our tech team because it doesn't ease the adoption of Drata. I've tried to create an AppArmor profile but without success so far, and deactivating AppArmor is not a solution (it would be quite ironical to deactivate a security measure to be able to run software to check the security configuration...).

mnrdrata commented 1 month ago

I would not disable AppArmor, but --no-sandbox is the appropriate solution for Chromium apps with AppArmor. The Drata Agent does need to be able to run under user context, execute unprivileged shell commands, use network connectivity, launch Chromium, and write to local storage and log files. It should not be sudo'd / run as root.

Do the users launching drata-agent have root privileges to their devices?

This is likely related to Chromium with unprivileged user namespace restrictions via AppArmor in Ubuntu. Our customer success team can help you work through these restrictions; please submit a support ticket for the quickest remediation of your specific issue.

First identified in Ubuntu 23.10 (non-LTS), and carried to Ubuntu 24.04 LTS. Bug reports for this issue are available at "AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP".

NOTE: As of 3.6 there is also now an AppImage release available for use https://github.com/drata/agent-releases/releases/tag/v3.6.1

mhazy commented 1 month ago

For those having issues with completing the registration process, I've had success with modifying the Exec portion of /usr/share/applications/drata-agent.desktop to include --no-sandbox.

Exec="/opt/Drata Agent/drata-agent" --no-sandbox %U
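
A way to check which of the two workarounds from this thread (the kernel.apparmor_restrict_unprivileged_userns sysctl and --no-sandbox in a .desktop Exec line) is in effect on a host. This is an added example, not code from the thread or from the Drata project; the function names are hypothetical and the procfs path for the sysctl is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report whether either workaround
# discussed above is in effect. Function names are hypothetical.

# State of kernel.apparmor_restrict_unprivileged_userns.
# $1: file to read; defaults to the sysctl's procfs path (assumed location).
userns_restriction_state() {
  f="${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}"
  if [ ! -r "$f" ]; then
    echo "absent"        # sysctl not exposed or not readable on this system
    return 0
  fi
  case "$(tr -d '[:space:]' < "$f")" in
    1) echo "enforced" ;;
    0) echo "disabled" ;;
    *) echo "unknown" ;;
  esac
}

# Print every .desktop file in a directory whose Exec= line passes
# --no-sandbox as a whole argument.
# $1: directory; defaults to /usr/share/applications.
desktop_entries_without_sandbox() {
  dir="${1:-/usr/share/applications}"
  for entry in "$dir"/*.desktop; do
    [ -f "$entry" ] || continue
    if grep -Eq '^Exec=.*[[:space:]]--no-sandbox([[:space:]]|$)' "$entry"; then
      printf '%s\n' "$entry"
    fi
  done
}

# Report for the local host.
echo "unprivileged userns restriction: $(userns_restriction_state)"
echo "desktop entries launching with --no-sandbox:"
desktop_entries_without_sandbox
```

Both functions take an optional path argument, so they can be pointed at a mounted image or a copy of a user's ~/.local/share/applications directory instead of the live system.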