From 85623c6eb40a5de8501bccd99dcb92964f2eeb83 Mon Sep 17 00:00:00 2001 From: Lorenz Bauer Date: Tue, 17 Dec 2024 21:58:00 +0000 Subject: [PATCH] Grant LOCAL SERVICE permission to read and execute debug DLLs (#4095) Update setup-ebpf.ps1 to also explicitly grant LOCAL SERVICE permission to execute the required debug DLLS. This seems to be necessary to avoid error 1053 when installing on a new system via SSH. --- scripts/setup-ebpf.ps1 | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/setup-ebpf.ps1 b/scripts/setup-ebpf.ps1 index 3bdafc836f..311592e395 100644 --- a/scripts/setup-ebpf.ps1 +++ b/scripts/setup-ebpf.ps1 @@ -61,13 +61,14 @@ if ($Uninstall) { Write-Host("Visual C++ Redistributable installation completed successfully!") -ForegroundColor Green } - # Move the Visual C++ Redistributable Debug DLLs to the JIT directory, so that ebpfsvc.exe - # does not fail to start with error 1053. + # Copy the Visual C++ Redistributable Debug DLLs to the JIT directory and give + # LOCAL SERVICE read access. + # This is so that ebpfsvc.exe does not fail to start with error 1053. Write-Host("Copying Visual C++ Redistributable debug runtime DLLs to the $EbpfSvcPath directory...") # Test if the VC debug runtime DLLs are present in the working directory (indicating a debug build). $VCDebugRuntime = $VCDebugRuntime | Where-Object { Test-Path (Join-Path $WorkingDirectory $_) } if (-not $VCDebugRuntime) { - Write-Host("Visual C++ Redistributable debug runtime DLLs not found in the working directory (i.e., release build or already installed). Skipping this step.") -ForegroundColor Yellow + Write-Host("Visual C++ Redistributable debug runtime DLLs not found in the working directory. Skipping this step.") -ForegroundColor Yellow } else { if (-not (Test-Path $EbpfSvcPath)) { New-Item -Path $EbpfSvcPath -ItemType Directory @@ -76,7 +77,10 @@ if ($Uninstall) { $VCDebugRuntime | ForEach-Object { $sourcePath = Join-Path $WorkingDirectory $_ $destinationPath = Join-Path $EbpfSvcPath $_ - Move-Item -Path $sourcePath -Destination $destinationPath -Force + Copy-Item -Path $sourcePath -Destination $destinationPath -Force + $acl = Get-Acl $destinationPath + $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\LOCAL SERVICE", "ReadAndExecute", "Allow"))) + Set-Acl $destinationPath $acl } Write-Host("Visual C++ Redistributable debug runtime DLLs copied successfully!") -ForegroundColor Green }