Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[import-document,import-file-stix] Support running as an arbitrary user (OpenShift Container Platform) #2507

Closed
leitosama opened this issue Aug 20, 2024 · 1 comment
Closed

[import-document,import-file-stix] Support running as an arbitrary user (OpenShift Container Platform) #2507

leitosama opened this issue Aug 20, 2024 · 1 comment
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.2.16

Comments

@leitosama
Copy link
Contributor

leitosama commented Aug 20, 2024
edited
Loading

Description

All connectors and OpenCTI Platform are deployed in OpenShift Container Platform.

  • import-document connector returns PermissionError: [Errno 13] Permission denied: '<file>' error while downloading into container filesystem
  • import-file-stix connector returns PermissionError: [Errno 13] Permission denied: '/.stixmarx' while starting up
    This error occurs because OCP runs container using an arbitrarily assigned user ID (same as Support running as an arbitrary user (OpenShift Container Platform) opencti#4885).

Environment

  1. OS (where OpenCTI server runs): Red Hat CoreOS 9(OpenShift Container Platform)/Debian 11 (docker compose)
  2. OpenCTI version: 6.2.13
  3. OpenCTI client: non applicable
  4. Other environment details:

Reproducible Steps

To reproduce this error in Docker:

  1. Change docker-compose.yml in OpenCTI Docker):
  connector-import-document:
    image: opencti/connector-import-document:6.2.13
    user: 1005:0
  1. Run OpenCTI Platform
  2. Import a document or text using "Import" page http://localhost:8080/dashboard/data/import

Expected Output

Import is successful

Actual Output

The connector returns PermissionError: [Errno 13] Permission denied: '<file>'

Additional information

About OCP arbitrary user
@leitosama leitosama added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Aug 20, 2024
@leitosama leitosama mentioned this issue Aug 20, 2024
Merged
4 tasks
@leitosama leitosama changed the title [import-document] Support running as an arbitrary user (OpenShift Container Platform) [import-document,import-file-stix] Support running as an arbitrary user (OpenShift Container Platform) Aug 21, 2024
leitosama added a commit to leitosama/opencti-connectors that referenced this issue Aug 24, 2024
@leitosama
Fix OpenCTI-Platform#2507
311e6e3 
Signed-off-by: leitosama <[email protected]>
leitosama added a commit to leitosama/opencti-connectors that referenced this issue Aug 24, 2024
@leitosama
Fix OpenCTI-Platform#2507 for connector-import-file-stix
03945e6 
Signed-off-by: leitosama <[email protected]>
@helene-nguyen helene-nguyen added solved use to identify issue that has been solved (must be linked to the solving PR) and removed needs triage use to identify issue needing triage from Filigran Product team labels Aug 24, 2024
@leitosama
Copy link
Contributor Author

@helene-nguyen
I'm sorry, but PR #2508 does not fully resolve the bug related to the import-file-stix image.

This connector relies on the mitre/stixmarx repository, which still has an open Issue mitre/stixmarx#13 about ~/.stixmark

According to the stixmarx code, the connector attempts to create a file in the home directory (~).

I believe this can be fixed by passing the $HOME environment variable in the Dockerfile.
I will send new PR with fix later.

@leitosama leitosama mentioned this issue Aug 26, 2024
Merged
4 tasks
helene-nguyen pushed a commit that referenced this issue Aug 27, 2024
@leitosama
[import document, import file stix] Fix #2507 for import-file-stix im…
3d2c305 
…age (#2529)

Signed-off-by: leitosama <[email protected]>
@Jipegien Jipegien added this to the Release 6.2.16 milestone Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.2.16
Development

No branches or pull requests
3 participants
@leitosama @helene-nguyen @Jipegien