Closed Micah-Kolide closed 2 months ago
Outside of this issue, I had thought that the queries in Live Query go through a sudoed instance of launcher, but perhaps I was mistaken on that?
Sorta, yes. Outside development, launcher runs with root permission. But dev instances are usually running with user credentials.
I saw this issue in both my dev env and when I tried a real Live Query in prod.
I've been trying to test my new check that uses the `kolide_brew_upgradeable` table, when I kept hitting an issue in Live Query where all devices returned no results. I could easily get results locally, so I wasn't sure what was going on.

After more testing locally, I saw the error `fork/exec /opt/homebrew/bin/brew: operation not permitted`, and after some digging online I came to this post.

Basically the syscall `SYS_SETGROUPS` requires elevated permissions, so a non-root user attempting to set the groups causes an `EPERM` error. There is a fix inside the `Credential` structure: `NoSetGroups`, but I figured since we are already running as the user, we can just early exit instead of adding that flag.

Outside of this issue, I had thought that the queries in Live Query go through a sudoed instance of launcher, but perhaps I was mistaken on that?
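The early exit described in this pull request, sketched as an added example that is not launcher's own code: the helper names `sysProcAttrFor` and `runAs` are hypothetical, and the current effective UID is passed in as a parameter so the decision can be checked without root.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// sysProcAttrFor (hypothetical name) decides how a child process gets the
// identity uid/gid when the parent is running with effective UID euid.
func sysProcAttrFor(euid, uid, gid uint32) (*syscall.SysProcAttr, error) {
	switch {
	case euid == uid:
		// Early exit: already the target user, so set no Credential at all.
		// With a Credential present the runtime calls setgroups(2) before
		// exec unless NoSetGroups is true, and a non-root caller gets EPERM.
		return nil, nil
	case euid != 0:
		// A non-root parent cannot switch to a different user.
		return nil, fmt.Errorf("euid %d cannot run child as uid %d", euid, uid)
	default:
		// Root: drop privileges. The runtime calls setgroups, setgid, setuid.
		cred := &syscall.Credential{Uid: uid, Gid: gid}
		return &syscall.SysProcAttr{Credential: cred}, nil
	}
}

// runAs (hypothetical name) runs a command as uid/gid and returns its output.
func runAs(uid, gid uint32, name string, args ...string) ([]byte, error) {
	attr, err := sysProcAttrFor(uint32(os.Geteuid()), uid, gid)
	if err != nil {
		return nil, err
	}
	cmd := exec.Command(name, args...)
	cmd.SysProcAttr = attr // nil means "inherit the parent's credentials"
	return cmd.CombinedOutput()
}

func main() {
	// Running as ourselves works without root because no Credential is set.
	out, err := runAs(uint32(os.Getuid()), uint32(os.Getgid()), "id", "-u")
	fmt.Printf("output=%q err=%v\n", out, err)
}
```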