Bug #15636

closed

Errors with Rudder agent on unprivileged containers (LXC)


Added by Stefan Schmitt about 6 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Category:
Agent
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
I dislike using that feature
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
97
Name check:
To do
Fix check:
To do
Regression:
No

Description

If you are using rudder agent on an unprivileged container you get the following errors on rudder agent update or rudder agent run:

Version: Rudder agent 5.0.12-stretch0
running on LXC Container within Proxmox VE hypervisor

   error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
   error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.

Updated by Stefan Schmitt about 6 years ago Actions #1

  • Category set to Agent

Updated by Alexis Mousset about 5 years ago Actions #2

# ls -ahl /proc
[...]
lrwxrwxrwx   1 nobody          nogroup            8 Sep 28 13:54 net -> self/net
[...]
lrwxrwxrwx   1 nobody          nogroup            0 Sep 28 13:51 self -> 2607
[...]
dr-xr-xr-x   9 root            root               0 Sep 28 13:57 2607
[...]

Updated by Alexis Mousset about 5 years ago Actions #3

  • Assignee set to Alexis Mousset
  • Target version set to 6.1.5

Updated by Alexis Mousset about 5 years ago Actions #4

  • Status changed from New to In progress

Updated by Vincent MEMBRÉ about 5 years ago Actions #6

  • Target version changed from 6.1.5 to 6.1.6

Updated by Vincent MEMBRÉ about 5 years ago Actions #7

  • Target version changed from 6.1.6 to 6.1.7

Updated by Mathias B. about 5 years ago Actions #8

Still an issue on Rudder agent version 6.2.0~beta1 on Debian 10 (buster), on an unprivileged LXC container running on Proxmox.

Output when running rudder agent update:

error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.

Output of ls -l /proc:

...
lrwxrwxrwx 1 nobody nogroup 8 Nov 11 19:22 net -> self/net
...
lrwxrwxrwx 1 nobody nogroup 0 Nov 11 17:24 self -> 22206
...
dr-xr-xr-x 9 root root 0 Nov 11 19:22 22206
...
rudder agent health returns "OK".
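
The ownership rule quoted in the error output, applied to the ownership shown in the `ls` listings above. This is an added diagnostic example, not part of the original issue and not the agent's own code; the function names are hypothetical, and it assumes `nobody`/`nogroup` have numeric id 65534 as on Debian.

```python
import os

def link_refused(link_uid, link_gid, target_uid, target_gid, euid):
    """Ownership rule as worded in the error message (reimplemented here)."""
    trusted_owner = link_uid in (0, euid)            # root or the running user
    same_owner = (link_uid, link_gid) == (target_uid, target_gid)
    return not trusted_owner and not same_owner

def refused_links(path, euid=None):
    """Return (symlink, link_uid, target_uid) for each path component failing the rule."""
    euid = os.geteuid() if euid is None else euid
    refused, current = [], os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if not os.path.islink(current):
            continue
        link = os.lstat(current)                     # the symlink itself
        try:
            target = os.stat(current)                # follows the link
        except OSError:
            break                                    # dangling link: nothing to compare
        if link_refused(link.st_uid, link.st_gid, target.st_uid, target.st_gid, euid):
            refused.append((current, link.st_uid, target.st_uid))
        # Nested links inside the target are resolved here, not re-checked.
        current = os.path.realpath(current)
    return refused

# Constructed values matching the listings: link nobody:nogroup (65534), target root (0).
CONTAINER_CASE = link_refused(65534, 65534, 0, 0, euid=0)

if __name__ == "__main__":
    print("nobody-owned /proc/net as root:", "refused" if CONTAINER_CASE else "followed")
    for entry in ("/proc/net/netstat", "/proc/net/route", "/proc/net/dev"):
        print(entry, refused_links(entry) or "ok")
```

Run inside the container as the same user as the agent; on a host or privileged container, where `/proc/net` is owned by root, every entry should report `ok`.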

Updated by Vincent MEMBRÉ almost 5 years ago Actions #9

  • Target version changed from 6.1.7 to 6.1.8

Updated by Vincent MEMBRÉ almost 5 years ago Actions #10

  • Target version changed from 6.1.8 to 6.1.9

Updated by Vincent MEMBRÉ almost 5 years ago Actions #11

  • Target version changed from 6.1.9 to 6.1.10

Updated by Vincent MEMBRÉ over 4 years ago Actions #12

  • Target version changed from 6.1.10 to 6.1.11

Updated by Vincent MEMBRÉ over 4 years ago Actions #13

  • Target version changed from 6.1.11 to 6.1.12

Updated by Vincent MEMBRÉ over 4 years ago Actions #14

  • Target version changed from 6.1.12 to 6.1.13

Updated by Vincent MEMBRÉ over 4 years ago Actions #15

  • Target version changed from 6.1.13 to 6.1.14

Updated by Vincent MEMBRÉ over 4 years ago Actions #16

  • Target version changed from 6.1.14 to 6.1.15

Updated by Vincent MEMBRÉ over 4 years ago Actions #17

  • Target version changed from 6.1.15 to 6.1.16

Updated by Vincent MEMBRÉ about 4 years ago Actions #18

  • Target version changed from 6.1.16 to 6.1.17

Updated by Vincent MEMBRÉ about 4 years ago Actions #19

  • Target version changed from 6.1.17 to 6.1.18

Updated by Vincent MEMBRÉ almost 4 years ago Actions #20

  • Target version changed from 6.1.18 to 6.1.19

Updated by Elaad FURREEDAN almost 4 years ago Actions #21

  • Tags set to Sponsored

Updated by Vincent MEMBRÉ over 3 years ago Actions #22

  • Target version changed from 6.1.19 to 6.1.20

Updated by Vincent MEMBRÉ over 3 years ago Actions #23

  • Target version changed from 6.1.20 to 6.1.21

Updated by Alexis Mousset over 3 years ago Actions #25

  • Status changed from In progress to New

Updated by Alexis Mousset over 3 years ago Actions #26

  • Tracker changed from User story to Bug
  • UX impact set to I dislike using that feature
  • Suggestion strength deleted (Advise - This would make Rudder significantly better | easier | simpler)
  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • Priority set to 43

Updated by Stefan Schmitt over 3 years ago Actions #27

Still an issue on Rudder agent version 7.1.1 on Debian 11 (bullseye), on an unprivileged LXC container running on Proxmox.

Updated by Nicolas CHARLES over 3 years ago Actions #28

It still happens, and makes the "rudder agent update" command output the error message

error: Rudder agent policies could not be updated.

Updated by Alexis Mousset over 3 years ago Actions #29

I'll work on this one next week or the following.

Updated by Vincent MEMBRÉ over 3 years ago Actions #30

  • Target version changed from 6.1.21 to old 6.1 issues to relocate

Updated by Alexis Mousset almost 3 years ago Actions #31

  • Target version changed from old 6.1 issues to relocate to old 6.2 issues to relocate
  • Priority changed from 43 to 93

Updated by Benoît PECCATTE over 2 years ago Actions #32

  • Status changed from New to In progress
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Priority changed from 93 to 96

Updated by Benoît PECCATTE over 2 years ago Actions #33

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/2719

Updated by Benoît PECCATTE over 2 years ago Actions #34

  • Pull Request changed from https://github.com/Normation/rudder-packages/pull/2719 to https://github.com/Normation/rudder-packages/pull/2727

Updated by Benoît PECCATTE over 2 years ago Actions #35

  • Target version changed from old 6.2 issues to relocate to 7.2.7
  • Regression set to No

Updated by Benoît PECCATTE over 2 years ago Actions #36

  • Status changed from Pending technical review to Pending release

Updated by Vincent MEMBRÉ over 2 years ago Actions #37

  • Status changed from Pending release to Released
  • Priority changed from 96 to 97

This bug has been fixed in Rudder 7.2.7 and 7.3.2 which were released today.
