
CentOS8/RHEL8 nodejs 4.9.1 "operation not permitted" when running as non-root user


I'm left with age-old NodeJS code written for and compatible with modules and NodeJS v4.9.1. It's hosted on RHEL6 and it works fine. Now I'm asked to move the code to a RHEL8 machine. I got a ton of errors when I tried launching the app with both NodeJS 10 and 12. I downloaded the tar file of NodeJS 4.9.1, extracted it, and tried to launch the app, and it works fine. But this is as root. When I created a systemd service with the following service file and tried to launch it, I get a "-bash operation not permitted" error:

[Unit]
Description=Node App
After=network.target

[Service]
Type=simple
User=node-user
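ExecStart=/opt/nodeJS/bin/node /opt/nodeapp/server.js
# systemd does not run ExecStart through a shell, so output is redirected here
StandardOutput=file:/opt/nodeapp/log/node.stdout.log
StandardError=file:/opt/nodeapp/log/node.stderr.log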

[Install]
WantedBy=multi-user.target

When I switch to the node-user and try to run the basic node -v command, I still get the same error. I even tried with 777 permissions on the nodejs directory.

Everything works fine as root.

Any suggestions, greatly appreciated.


Solution

  • Ran into a similar version of this issue today (Visual Studio Code Remote-SSH extension failing, -bash operation not permitted error when trying to run the node binary in the .vscode-server folder).

    I also had hardening going on in my CentOS 8 VM, in this case the DISA STIG. After some digging around in the STIG settings, I found that the fapolicyd service (application whitelisting) was the culprit.

    You can check if this is the case for you by uninstalling fapolicyd and seeing if node works after that:

    sudo dnf remove fapolicyd
    

    If that works, then you can either just leave it uninstalled or you can reinstall it and add exceptions to it:

    sudo fapolicyd-cli --file add /path/to/node/binary --trust-file node
    sudo fapolicyd-cli --update
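
To confirm that fapolicyd is the component denying the node binary without removing the service, its deny decisions can be read directly. The script below is an added example, not part of the original answer; it assumes the `key=value` line layout printed by `fapolicyd --debug-deny`, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: find fapolicyd deny decisions for one binary.
# Real input comes from `fapolicyd --debug-deny`, run as root in the foreground
# while the fapolicyd service is stopped. The field layout parsed here is an
# assumption about that output; older builds print "file=" instead of "path=".

# denied_for PATH
#   Reads decision lines on stdin and prints "<perm> <requesting exe>" for every
#   deny decision whose object is exactly PATH. Exit status is 1 when no deny
#   decision mentions PATH. Paths containing spaces are not handled.
denied_for() {
    awk -v target="$1" '
        / dec=deny/ {
            perm = ""; exe = ""; obj = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^perm=/) perm = substr($i, 6)
                else if ($i ~ /^exe=/) exe = substr($i, 5)
                else if ($i ~ /^(path|file)=/) obj = substr($i, 6)
            }
            if (obj == target) { print perm, exe; hits++ }
        }
        END { exit (hits ? 0 : 1) }
    '
}

# Constructed sample: one allowed open and two denied executions.
sample_log() {
    cat <<'EOF'
rule=11 dec=allow perm=open auid=1001 pid=4242 exe=/usr/bin/bash : path=/etc/profile ftype=text/plain trust=1
rule=9 dec=deny_audit perm=execute auid=1001 pid=4242 exe=/usr/bin/bash : path=/opt/nodeJS/bin/node ftype=application/x-executable trust=0
rule=9 dec=deny_audit perm=execute auid=1001 pid=4250 exe=/usr/bin/bash : path=/tmp/other ftype=application/x-executable trust=0
EOF
}

# Demo on the constructed sample; on a real host, pipe the captured
# debug output into denied_for instead of sample_log.
sample_log | denied_for /opt/nodeJS/bin/node
```

A deny line for the node path with `trust=0` points at the trust database, which is what the `fapolicyd-cli --file add` step above changes.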