Troubleshoot Permission Denied

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-11-04
Category: Administrator Guide

Abstract: Troubleshoot engine permission denied.

A common error message when running integrations on engines looks like this: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/images/json?t.

  1. Determine whether the Docker socket uses the docker group or the dockerroot group by running one of the following on the server engine:

    • ls -la /var/run/docker.sock

      The output shows which user and group own docker.sock. For example:

      srw-rw----. 1 root docker 0 Apr 12 20:32 /var/run/docker.sock

      shows that the socket belongs to the docker group and not dockerroot.

    • cat /etc/group | grep docker

      This command shows whether a docker group or a dockerroot group exists on the host.

    Note

    Docker CE installations typically use the docker group, while Docker EE installations typically use the dockerroot group.

  2. To fix a Docker user, run the following commands on the server engine:

    1. sudo groupadd docker

    2. sudo usermod -aG docker demisto

    3. sudo systemctl restart docker

    4. sudo systemctl restart d1

      Note

      If the Allow running multiple engines on the same machine option is selected, run the command:

      sudo systemctl restart d1_<Engine_name>

  3. To fix a dockerroot user, run the following commands on the server engine:

    1. sudo groupadd dockerroot

    2. Set the dockerroot group in /etc/docker/daemon.json. For example: { "group": "dockerroot" }.

    3. sudo usermod -aG dockerroot demisto

    4. sudo chcon -Rt svirt_sandbox_file_t /var/lib/demisto/temp

    5. sudo systemctl restart docker

    6. sudo systemctl restart d1

      Note

      If the Allow running multiple engines on the same machine option is selected, run the command:

      sudo systemctl restart d1_<Engine_name>
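
The check from step 1 and the group membership that steps 2 and 3 set up can be combined into one diagnostic. This is an added example, not part of the guide or the product: the function names are hypothetical, the sample group file is constructed, and the engine user demisto is taken from the usermod commands above.

```shell
#!/bin/sh
# Added example (not from the guide). Helper names are hypothetical;
# the engine user "demisto" is taken from the usermod commands above.

# Group column (4th field) of an `ls -la` line for the socket.
socket_group_from_ls() {
    printf '%s\n' "$1" | awk '{ print $4 }'
}

# Exit 0 if user $1 is a listed member of group $2 in group file $3.
# Only the member list is checked, which is what `usermod -aG` edits.
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit (found ? 0 : 1) }' "${3:-/etc/group}"
}

# Args: <ls -la line> <user> [group file]. Prints one verdict:
#   ok:<group>               user already has access through that group
#   add-user:<group>         follow step 2 (docker) or step 3 (dockerroot)
#   unexpected-group:<group> socket is owned by some other group
diagnose() {
    grp=$(socket_group_from_ls "$1")
    case "$grp" in
        docker|dockerroot) ;;
        *) echo "unexpected-group:$grp"; return 0 ;;
    esac
    if user_in_group "$2" "$grp" "${3:-/etc/group}"; then
        echo "ok:$grp"
    else
        echo "add-user:$grp"
    fi
}

# Constructed sample: the ls line from step 1 and a made-up group file.
sample_ls='srw-rw----. 1 root docker 0 Apr 12 20:32 /var/run/docker.sock'
sample_groups=$(mktemp)
printf 'docker:x:993:alice\ndockerroot:x:994:\n' > "$sample_groups"
diagnose "$sample_ls" demisto "$sample_groups"   # add-user:docker
rm -f "$sample_groups"

# On a real engine host, check the live socket and /etc/group.
if [ -S /var/run/docker.sock ]; then
    diagnose "$(ls -la /var/run/docker.sock)" demisto
fi
```

An ok verdict reflects the group file only: a running engine process picks up new membership when it restarts, which is why both procedures end by restarting docker and d1. Membership in the socket's group gives control of the Docker daemon, which is root-equivalent on the host, so keep that group limited to the engine user.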