Bug #15636

closed

Errors with Rudder agent on unprivileged containers (LXC)

Added by Stefan Schmitt over 5 years ago. Updated over 1 year ago.

Status: Released
Priority: N/A
Category: Agent
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact: I dislike using that feature
User visibility: Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority: 97
Name check: To do
Fix check: To do
Regression: No

Description

If you are using rudder agent on an unprivileged container, you get the following errors on rudder agent update or rudder agent run:

Version: Rudder agent 5.0.12-stretch0
running on LXC Container within Proxmox VE hypervisor

   error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
Actions #1

Updated by Stefan Schmitt over 5 years ago

  • Category set to Agent
Actions #2

Updated by Alexis Mousset about 4 years ago

# ls -ahl /proc
[...]
lrwxrwxrwx   1 nobody          nogroup            8 Sep 28 13:54 net -> self/net
[...]
lrwxrwxrwx   1 nobody          nogroup            0 Sep 28 13:51 self -> 2607
[...]
dr-xr-xr-x   9 root            root               0 Sep 28 13:57 2607
[...]
Actions #3

Updated by Alexis Mousset about 4 years ago

  • Assignee set to Alexis Mousset
  • Target version set to 6.1.5
Actions #4

Updated by Alexis Mousset about 4 years ago

  • Status changed from New to In progress
Actions #6

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.1.5 to 6.1.6
Actions #7

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.1.6 to 6.1.7
Actions #8

Updated by Mathias B. about 4 years ago

Still an issue on Rudder agent version 6.2.0~beta1 on Debian 10 (buster), on an unprivileged LXC container running on Proxmox.

Output when running rudder agent update:

error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.

Output of ls -l /proc:

...
lrwxrwxrwx 1 nobody nogroup 8 Nov 11 19:22 net -> self/net
...
lrwxrwxrwx 1 nobody nogroup 0 Nov 11 17:24 self -> 22206
...
dr-xr-xr-x 9 root root 0 Nov 11 19:22 22206
...
rudder agent health returns "OK".
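
The ownership rule spelled out in the error message, applied to every symlink component of a path, as an added example that is not part of this thread and is not the agent's own code. The names `link_refused` and `refused_links` are hypothetical, and 65534 as the numeric id behind `nobody`/`nogroup` is an assumption.

```python
import os
from pathlib import Path

NOBODY = 65534  # assumed numeric id behind "nobody"/"nogroup" in the listings


def link_refused(link_uid, link_gid, target_uid, target_gid, euid):
    """Ownership rule as worded in the error message (hypothetical helper)."""
    trusted_owner = link_uid in (0, euid)  # root or the running user
    same_owner = (link_uid, link_gid) == (target_uid, target_gid)
    return not trusted_owner and not same_owner


def refused_links(path, euid=None):
    """Return each symlink component of `path` that the rule would refuse."""
    euid = os.geteuid() if euid is None else euid
    p = Path(path)
    refused = []
    for prefix in [*reversed(p.parents), p]:
        if not prefix.is_symlink():
            continue
        try:
            link, target = os.lstat(prefix), os.stat(prefix)
        except OSError:
            continue  # dangling or unreadable link: nothing to compare
        if link_refused(link.st_uid, link.st_gid,
                        target.st_uid, target.st_gid, euid):
            refused.append(str(prefix))
    return refused


if __name__ == "__main__":
    # Constructed from the listing: net is nobody:nogroup, while the PID
    # directory it resolves through is root:root.
    print("listing case refused:", link_refused(NOBODY, NOBODY, 0, 0, euid=0))
    for f in ("/proc/net/netstat", "/proc/net/route", "/proc/net/dev"):
        print(f, "->", refused_links(f) or "no refused symlink on the path")
```

Run as root inside the container, it lists which path component trips the rule for each file named in the errors.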
Actions #9

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.1.7 to 6.1.8
Actions #10

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 6.1.8 to 6.1.9
Actions #11

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 6.1.9 to 6.1.10
Actions #12

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 6.1.10 to 6.1.11
Actions #13

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 6.1.11 to 6.1.12
Actions #14

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.12 to 6.1.13
Actions #15

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.13 to 6.1.14
Actions #16

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.14 to 6.1.15
Actions #17

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.15 to 6.1.16
Actions #18

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.16 to 6.1.17
Actions #19

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.17 to 6.1.18
Actions #20

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.18 to 6.1.19
Actions #21

Updated by Elaad FURREEDAN about 3 years ago

  • Tag list set to Sponsored
Actions #22

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.19 to 6.1.20
Actions #23

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.20 to 6.1.21
Actions #25

Updated by Alexis Mousset over 2 years ago

  • Status changed from In progress to New
Actions #26

Updated by Alexis Mousset over 2 years ago

  • Tracker changed from User story to Bug
  • UX impact set to I dislike using that feature
  • Suggestion strength deleted (Advise - This would make Rudder significantly better | easier | simpler)
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • Priority set to 43
Actions #27

Updated by Stefan Schmitt over 2 years ago

Still an issue on Rudder agent version 7.1.1 on Debian 11 (bullseye), on an unprivileged LXC container running on Proxmox.

Actions #28

Updated by Nicolas CHARLES over 2 years ago

It still happens, and makes the "rudder agent update" command output the error message

error: Rudder agent policies could not be updated.

Actions #29

Updated by Alexis Mousset over 2 years ago

I'll work on this one next week or the following.

Actions #30

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.21 to old 6.1 issues to relocate
Actions #31

Updated by Alexis Mousset about 2 years ago

  • Target version changed from old 6.1 issues to relocate to old 6.2 issues to relocate
  • Priority changed from 43 to 93
Actions #32

Updated by Benoît PECCATTE over 1 year ago

  • Status changed from New to In progress
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Priority changed from 93 to 96
Actions #33

Updated by Benoît PECCATTE over 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/2719
Actions #34

Updated by Benoît PECCATTE over 1 year ago

  • Pull Request changed from https://github.com/Normation/rudder-packages/pull/2719 to https://github.com/Normation/rudder-packages/pull/2727
Actions #35

Updated by Benoît PECCATTE over 1 year ago

  • Target version changed from old 6.2 issues to relocate to 7.2.7
  • Regression set to No
Actions #36

Updated by Benoît PECCATTE over 1 year ago

  • Status changed from Pending technical review to Pending release
Actions #37

Updated by Vincent MEMBRÉ over 1 year ago

  • Status changed from Pending release to Released
  • Priority changed from 96 to 97

This bug has been fixed in Rudder 7.2.7 and 7.3.2 which were released today.
