Bug #15636
closedErrors with Rudder agent on unprivileged containers (LXC)
Description
If you are using rudder agent on an unprivileged container you get the following errors on rudder agent update
or rudder agent run
:
Version: Rudder agent 5.0.12-stretch0
running on LXC Container within Proxmox VE hypervisor
error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the ta rget owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the ta rget owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and t he target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the targ et owner and/or group differs from that of the symlink itself.
Updated by Alexis Mousset almost 5 years ago
# ls -ahl /proc [...] lrwxrwxrwx 1 nobody nogroup 8 Sep 28 13:54 net -> self/net [...] lrwxrwxrwx 1 nobody nogroup 0 Sep 28 13:51 self -> 2607 [...] dr-xr-xr-x 9 root root 0 Sep 28 13:57 2607 [...]
Updated by Alexis Mousset almost 5 years ago
Upstream issue: https://tracker.mender.io/browse/CFE-3429
Updated by Mathias B. over 4 years ago
Still an issue on Rudder agent version 6.2.0~beta1 on Debian 10 (buster), on an unprivilegied LXC container running on Proxmox.
Output when running rudder agent update
:
error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
Output of ls -l /proc
:
...
lrwxrwxrwx 1 nobody nogroup 8 Nov 11 19:22 net -> self/net
...
lrwxrwxrwx 1 nobody nogroup 0 Nov 11 17:24 self -> 22206
...
dr-xr-xr-x 9 root root 0 Nov 11 19:22 22206
...
rudder agent health
returns "OK".
Updated by Stefan Schmitt about 3 years ago
Still an issue on Rudder agent version 7.1.1 on Debian 11 (bullseye), on an unprivilegied LXC container running on Proxmox.
Updated by Nicolas CHARLES about 3 years ago
It still happens, and makes the "rudder agent update" command output the error message
error: Rudder agent policies could not be updated.
Updated by Alexis Mousset about 3 years ago
I'll work on this one next week or the following.
Updated by Benoît PECCATTE over 2 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-packages/pull/2719
Updated by Benoît PECCATTE about 2 years ago
- Pull Request changed from https://github.com/Normation/rudder-packages/pull/2719 to https://github.com/Normation/rudder-packages/pull/2727
Updated by Benoît PECCATTE about 2 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|588a68ddba0b1d0a8e40e665a4b85261813080ea.
Updated by Vincent MEMBRÉ about 2 years ago
- Status changed from Pending release to Released
- Priority changed from 96 to 97
This bug has been fixed in Rudder 7.2.7 and 7.3.2 which were released today.