Bug #15636
closed
Errors with Rudder agent on unprivileged containers (LXC)
Added by Stefan Schmitt over 5 years ago.
Updated over 1 year ago.
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
I dislike using that feature
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Description
If you are using rudder agent on an unprivileged container you get the following errors on rudder agent update
or rudder agent run
:
Version: Rudder agent 5.0.12-stretch0
running on LXC Container within Proxmox VE hypervisor
error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the ta rget owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the ta rget owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and t he target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the targ et owner and/or group differs from that of the symlink itself.
# ls -ahl /proc
[...]
lrwxrwxrwx 1 nobody nogroup 8 Sep 28 13:54 net -> self/net
[...]
lrwxrwxrwx 1 nobody nogroup 0 Sep 28 13:51 self -> 2607
[...]
dr-xr-xr-x 9 root root 0 Sep 28 13:57 2607
[...]
- Assignee set to Alexis Mousset
- Target version set to 6.1.5
- Status changed from New to In progress
- Target version changed from 6.1.5 to 6.1.6
- Target version changed from 6.1.6 to 6.1.7
Still an issue on Rudder agent version 6.2.0~beta1 on Debian 10 (buster), on an unprivilegied LXC container running on Proxmox.
Output when running rudder agent update
:
error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
Output of ls -l /proc
:
...
lrwxrwxrwx 1 nobody nogroup 8 Nov 11 19:22 net -> self/net
...
lrwxrwxrwx 1 nobody nogroup 0 Nov 11 17:24 self -> 22206
...
dr-xr-xr-x 9 root root 0 Nov 11 19:22 22206
...
rudder agent health
returns "OK".
- Target version changed from 6.1.7 to 6.1.8
- Target version changed from 6.1.8 to 6.1.9
- Target version changed from 6.1.9 to 6.1.10
- Target version changed from 6.1.10 to 6.1.11
- Target version changed from 6.1.11 to 6.1.12
- Target version changed from 6.1.12 to 6.1.13
- Target version changed from 6.1.13 to 6.1.14
- Target version changed from 6.1.14 to 6.1.15
- Target version changed from 6.1.15 to 6.1.16
- Target version changed from 6.1.16 to 6.1.17
- Target version changed from 6.1.17 to 6.1.18
- Target version changed from 6.1.18 to 6.1.19
- Translation missing: en.field_tag_list set to Sponsored
- Target version changed from 6.1.19 to 6.1.20
- Target version changed from 6.1.20 to 6.1.21
- Status changed from In progress to New
- Tracker changed from User story to Bug
- UX impact set to I dislike using that feature
- Suggestion strength deleted (
Advise - This would make Rudder significantly better | easier | simpler)
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- Priority set to 43
Still an issue on Rudder agent version 7.1.1 on Debian 11 (bullseye), on an unprivilegied LXC container running on Proxmox.
It still happens, and makes the "rudder agent update" command output the error message
error: Rudder agent policies could not be updated.
I'll work on this one next week or the following.
- Target version changed from 6.1.21 to old 6.1 issues to relocate
- Target version changed from old 6.1 issues to relocate to old 6.2 issues to relocate
- Priority changed from 43 to 93
- Status changed from New to In progress
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Priority changed from 93 to 96
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-packages/pull/2719
- Pull Request changed from https://github.com/Normation/rudder-packages/pull/2719 to https://github.com/Normation/rudder-packages/pull/2727
- Target version changed from old 6.2 issues to relocate to 7.2.7
- Regression set to No
- Status changed from Pending technical review to Pending release
- Status changed from Pending release to Released
- Priority changed from 96 to 97
This bug has been fixed in Rudder 7.2.7 and 7.3.2 which were released today.
Also available in: Atom
PDF