Operation not permitted <= New Beat

Hi

I followed the tutorial on how to create a new beat (https://www.elastic.co/guide/en/beats/devguide/current/new-beat.html). I didn't have many problems with the tutorial. While trying to add some logic to the new beat, I encountered something strange. I wanted to execute a command within the Run function inside beater/xxx.go. I added the following to xxx.go:
import (
    [...]
    "os/exec"
    [...]
)
Under the:
func (bt *xxx) Run(b *beat.Beat) error {
    [...]
    command := exec.Command("python", "path/py.py")
    [...]
}
I always receive the error:
fork/exec /usr/bin/python: operation not permitted
I've got Ubuntu 18.04, virtualenv 15.1.0 and go version: go 1.10.3 linux/amd64

Looking forward to hearing from you

Regards,
KM

The simplest solution IMO would be to disable the seccomp protections provided by libbeat that prohibit the beat from executing anything. You can add

seccomp.enabled: false

to your config file or add

-E seccomp.enabled=false

to your CLI args.

You can read more about the seccomp feature in the documentation of any one of the Beats. https://www.elastic.co/guide/en/beats/metricbeat/6.4/linux-seccomp.html

And there is more developer-level info in the readme at https://github.com/elastic/beats/tree/master/libbeat/common/seccomp.

1 Like
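
A diagnostic for the error in the question, as an added example that is not part of the original thread or of libbeat: it reads the Seccomp field of /proc/self/status (0 = disabled, 1 = strict, 2 = filter) and uses it to tell an exec denied under a seccomp filter apart from other EPERM causes. The function names seccompMode and diagnoseExec are hypothetical, and the code assumes a Linux kernel that exposes that field.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

// seccompMode extracts the "Seccomp:" field from the text of
// /proc/<pid>/status: 0 = disabled, 1 = strict, 2 = filter.
// It returns -1 when the field is absent (non-Linux or old kernel).
func seccompMode(status string) int {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 2 && f[0] == "Seccomp:" {
			switch f[1] {
			case "0", "1", "2":
				return int(f[1][0] - '0')
			}
		}
	}
	return -1
}

// diagnoseExec explains an exec failure given the process's seccomp mode.
func diagnoseExec(err error, mode int) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, syscall.EPERM) && mode == 2:
		return "EPERM under a seccomp filter: the policy likely denies fork/execve"
	case errors.Is(err, syscall.EPERM):
		return "EPERM with no seccomp filter active: look for another control"
	default:
		return "not a permission error: " + err.Error()
	}
}

func main() {
	status, _ := os.ReadFile("/proc/self/status") // empty on non-Linux
	err := exec.Command("python", "--version").Run()
	fmt.Println(diagnoseExec(err, seccompMode(string(status))))
}
```

Run inside the Beat process (for example from Run), the first EPERM branch confirms that the seccomp filter is what rejects the child process before the protection is switched off.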

Hi Andrew

Thanks for replying, I'll try it out in a few days and let you know how it went.

Regards,
KM

Hi

Andrew, I've tried both methods. One worked, the other didn't. With the flag -E seccomp.enabled=false it worked like a charm. With seccomp.enabled: false in the configuration file it didn't. I suppose I made this override in the wrong configuration file. I added seccomp.enabled: false to _meta/beat.yml like:
################### xxx Configuration Example #########################

############################# xxx ######################################

xxx:
period: 1s
seccomp.enabled: false

Thank you very much for helping me out.
Regards,
KM

You would want to add seccomp.enabled: false to the configuration file that you are loading into your Beat. That is the file specified with -c beatname.yml on the CLI.

You're right. It worked.

Thank you very much and wish you the best,
KM
