Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk SOAR
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Premium Solutions
- :
- Splunk SOAR
- :
- Exception: Operation not permitted: '/opt/phantom/...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exception: Operation not permitted: '/opt/phantom/local_data/app_states ...
joelwking
Engager
01-27-2022
08:59 AM
Using the app user interface introduced in 5.1.0.70187, when running the app from this interface, it fails saving state.
This is a new feature in 5.1 which does not exist in 5.0. When running the app from an event, there is no issue. Looking at the state directory, there are temporary files created in the directory for each failed execution.
Note: there is a permission error chmod_func(dst, stat.S_IMODE(st.st_mode))\r\nPermissionError: [Errno 1] likely the root cause of the issue.
{"identifier": "retrieve flows", "result_data": [{"data": [], "extra_data": [], "summary": {}, "status": "failed", "message": "Could not retrieve Tenants(Domains)", "parameter": {"timespan": 60, "start_time": "2022-01-24T15:30:00Z", "record_limit": 2000, "malicious_ip": "192.168.200.50"}, "context": {}}], "result_summary": {"total_objects": 1, "total_objects_successful": 0}, "status": "failed", "message": "Exception Occurred. [Errno 1] Operation not permitted: '/opt/phantom/local_data/app_states/eac976c5-c8d7-4b77-9fdd-52bab068679c/9_state.json'.\r\nTraceback (most recent call last):\r\n File \"../pylib/phantom/base_connector.py\", line 3252, in _handle_action\r\n File \"/opt/phantom/apps/ciscosecurenetworkanalytics_eac976c5-c8d7-4b77-9fdd-52bab068679c/ciscosecurenetworkanalytics_connector.py\", line 458, in finalize\r\n self.save_state(self._state)\r\n File \"../pylib/phantom/base_connector.py\", line 2978, in save_state\r\n File \"/opt/phantom/usr/python36/lib/python3.6/shutil.py\", line 246, in copy\r\n copymode(src, dst, follow_symlinks=follow_symlinks)\r\n File \"/opt/phantom/usr/python36/lib/python3.6/shutil.py\", line 144, in copymode\r\n chmod_func(dst, stat.S_IMODE(st.st_mode))\r\nPermissionError: [Errno 1] Operation not permitted: '/opt/phantom/local_data/app_states/eac976c5-c8d7-4b77-9fdd-52bab068679c/9_state.json'", "exception_occured": true, "action_cancelled": false}
Traceback (most recent call last):
File "ciscosecurenetworkanalytics_eac976c5-c8d7-4b77-9fdd-52bab068679c/eac976c5-c8d7-4b77-9fdd-52bab068679c_2022_01_25_02_38_01.py", line 32, in <module>
raise Exception("Action Failed")
Exception: Action Failed
There is no issue with the code in 5.0.1.66250 as this user interface does not exist. The code functions fine from the shell/CLI or from the events screen.
Get Updates on the Splunk Community!
Unlock Database Monitoring with Splunk Observability Cloud
In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...
Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All
At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...
[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk
Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST
In the fast-paced world ...
