OS: CentOS 8.1 (fresh minimal install)
Guac: 1.1.0

I unpacked guacamole, set up tomcat 9.0.34, etc. I get to the point I need to `systemctl enable guacd` to enable the guacd service and it fails with a message like: "failed to enable unit: unit file guacd.service does not exist."

I `ls -al /etc/systemd/system` and guacd.service is present. Odd, I compare the permissions and ownership on guacd.service to a working install on a CentOS 7.8 machine (also Guacamole 1.1.0). Permissions and contents of the guacd.service file are identical.

Then I try `systemd-analyze verify guacd.service` and no output. I have done `systemctl daemon-reload`. I do `systemctl list-unit-files --type=service`. guacd is listed with a state of "bad" in red. Ok so it knows the file is there...

Finally, I check `/var/log/messages`. It's immediately apparent that SEL is blocking access to the guacd.service file, preventing it from enabling by creating the required symlink. Messages like "SELinux is preventing systemd from read/open access on file guacd.service..."

I do `setenforce 0` and run `systemctl enable guacd` and it works. I start the service and it works. I put SEL back in enforcing mode, restart guac, still running no problems.

The really odd part...the tomcat service started without issue prior to all the guacd stuff. SEL prevented enabling guacd.service but not tomcat.service with the same permissions, ownership and within the same directory...

I am going to guess this is an SEL related matter and not a Guacamole related matter but wanted to check that I have not missed something on the Guacamole side.

UPDATE: Another look/check and I think I found the cause...not sure whose "fault" this is. It appears that the guacd.service file has a SEL context of "system_u:object_r:default_t:s0". All other service files in /etc/systemd/system have a context of "system_u:object_r:systemd_unit_file_t:s0", including the tomcat.service file.

The solution for me seems to be to run the following command before trying to enable guacd:

`sudo restorecon -v /etc/systemd/system/guacd.service`

This results in the guacd.service file being labeled with the systemd_unit_file_t context.
Afterwards, `systemctl enable guacd` works as expected. Hope this may help others, lucky I got it sorted while writing this up and figured best to share.

-- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
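An added example, not part of the original post: a shell check that lists unit files whose SELinux type is not a unit-file type, which is the condition the post traced the `systemctl enable` failure to. The function names, the sample lines and the rule that any type ending in `unit_file_t` is acceptable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: report systemd unit files whose SELinux type would make
# `systemctl enable` fail the way guacd.service did in the post above.

# Constructed sample in `stat -c '%C %n'` format, using the two contexts
# quoted in the post (default_t on guacd.service, systemd_unit_file_t on tomcat).
SAMPLE_LABELS='system_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/tomcat.service
system_u:object_r:default_t:s0 /etc/systemd/system/guacd.service'

# Read "context path" lines on stdin; print "path type" for every file whose
# type (third colon-separated field of the context) does not end in unit_file_t.
# Assumption: domain-specific *_unit_file_t types are treated as correct too.
find_mislabeled_units() {
    local context path type
    while read -r context path; do
        [ -n "$path" ] || continue            # skip blank or malformed lines
        type=$(printf '%s' "$context" | cut -d: -f3)
        case "$type" in
            *unit_file_t) ;;                  # labelled as a unit file
            *) printf '%s %s\n' "$path" "$type" ;;
        esac
    done
}

# Live check on an SELinux host: read the label of each unit file in a
# directory (default /etc/systemd/system) and pass it through the filter.
scan_unit_dir() {
    local dir
    dir=${1:-/etc/systemd/system}
    find "$dir" -maxdepth 1 -type f \
        \( -name '*.service' -o -name '*.socket' -o -name '*.timer' \) \
        -exec stat -c '%C %n' {} + | find_mislabeled_units
}

# Demo on the constructed sample; on a real host call scan_unit_dir instead.
printf '%s\n' "$SAMPLE_LABELS" | find_mislabeled_units
```

Each path it reports is a candidate for the `restorecon -v` command from the post; `restorecon -n -v` on the same path shows the pending relabel without applying it.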