Drata Agent not Working in Ubuntu 24.04

[ricardo-trustle]

More details:

❯ drata-agent       
LaunchProcess: failed to execvp:
/opt/Drata
[96799:0504/195446.344473:FATAL:zygote_host_impl_linux.cc(201)] Check failed: . : Invalid argument (22)
[1]    96799 trace trap (core dumped)  drata-agent

❯ uname -a         
Linux ric-HP-Z440 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

The only way I have found to launch it is with the option --no-sandbox:

❯ drata-agent --no-sandbox                   
Checking for beta autoupdate feature for deb/rpm distributions
Found package-type: deb

[ricardo-trustle]

The drata-agent appears to work if I run this before:

❯ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

❯ drata-agent             
Checking for beta autoupdate feature for deb/rpm distributions
Found package-type: deb

[slarek]

I have the same issue with Ubuntu 24.04. The drata-agent does not start unless I run the command cited above.

[MDziwny]

We are facing the same issue with Ubuntu 24.04, it's quite problematic with our tech team because it doesn't ease the adoption of Drata.
I've tried to create an AppArmor profile but without success so far and deactivating AppArmor is not a solution (it would be quite ironical to deactivate a security measure to be able to run a software to check the security configuration ...).

[mnrdrata]

I would not disable AppArmor, but --no-sandbox is the appropriate solution for Chromium apps with AppArmor. The Drata Agent does need to be able to run under user context, execute unprivileged shell commands, use network connectivity, launch Chromium, and write to local storage and log files. It should not be sudod / run as root.

Do the users launching drata-agent have root privileges to their devices?

This is likely related to Chromium with Unprivileged user namespace restrictions via AppArmor in Ubuntu. Our customer success team can help you work through these restrictions, please submit a support ticket for the quickest remediation of your specific issue.

First identified Ubuntu 23.10 (non-LTS), and carried to Ubuntu 24.04 LTS. Bug reports for this issue are available at AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

NOTE: As of 3.6 there is also now an AppImage release available for use https://github.com/drata/agent-releases/releases/tag/v3.6.1

[mhazy]

For those having issues with completing the registration process, I've had success with modifying the Exec portion of /usr/share/applications/drata-agent.desktop to include --no-sandbox.

Exec="/opt/Drata Agent/drata-agent" --no-sandbox %U

[mgaitan]

hey there,

I am writing to express my frustration that Drata still does not officially support Ubuntu 24.04 LTS. Since Drata is mandatory and enforced via Kolide in my company, I am unable to use an up-to-date operating system, forcing me to work with outdated software—a situation that compromises security and efficiency.

It is disappointing that such a critical platform has not been updated in time for an LTS version of the targeted OS, which is essential for many developers and enterprises.

I urge you to prioritize this issue and provide support for Ubuntu 24.04 LTS as soon as possible to maintain the trust and reliability users expect from your application.

[mnrdrata]

This is related to a Ubuntu bug, not a bug in the Drata Agent. They attempted a fix, but it caused a regression and they reverted it. It's still pending, please see the bug reports listed at #20 (comment) for detailed information.