Bug #15636: Errors with Rudder agent on unprivileged containers (LXC) - Rudder - Issue Tracker

Updated by Stefan Schmitt over 6 years ago Actions
Copy link
#1

Category set to Agent

Updated by Alexis Mousset about 5 years ago Actions
Copy link
#2

# ls -ahl /proc
[...]
lrwxrwxrwx   1 nobody          nogroup            8 Sep 28 13:54 net -> self/net
[...]
lrwxrwxrwx   1 nobody          nogroup            0 Sep 28 13:51 self -> 2607
[...]
dr-xr-xr-x   9 root            root               0 Sep 28 13:57 2607
[...]

Updated by Alexis Mousset about 5 years ago Actions
Copy link
#3

Assignee set to Alexis Mousset
Target version set to 6.1.5

Updated by Alexis Mousset about 5 years ago Actions
Copy link
#4

Status changed from New to In progress

Updated by Alexis Mousset about 5 years ago Actions
Copy link
#5

Upstream issue: https://tracker.mender.io/browse/CFE-3429

Updated by Vincent MEMBRÉ about 5 years ago Actions
Copy link
#6

Target version changed from 6.1.5 to 6.1.6

Updated by Vincent MEMBRÉ about 5 years ago Actions
Copy link
#7

Target version changed from 6.1.6 to 6.1.7

Updated by Mathias B. about 5 years ago Actions
Copy link
#8

Still an issue on Rudder agent version 6.2.0~beta1 on Debian 10 (buster), on an unprivilegied LXC container running on Proxmox.

Output when running rudder agent update:

error: Cannot follow symlink '/proc/net/netstat'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/snmp6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/ipv6_route'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/if_inet6'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.
error: Cannot follow symlink '/proc/net/dev'; it is not owned by root or the user running this process, and the target owner and/or group differs from that of the symlink itself.

Output of ls -l /proc:

...
lrwxrwxrwx  1 nobody        nogroup                    8 Nov 11 19:22 net -> self/net
...
lrwxrwxrwx  1 nobody        nogroup                    0 Nov 11 17:24 self -> 22206
...
dr-xr-xr-x  9 root          root                       0 Nov 11 19:22 22206
...

rudder agent health returns "OK".

Updated by Vincent MEMBRÉ almost 5 years ago Actions
Copy link
#9

Target version changed from 6.1.7 to 6.1.8

Updated by Vincent MEMBRÉ almost 5 years ago Actions
Copy link
#10

Target version changed from 6.1.8 to 6.1.9

Updated by Vincent MEMBRÉ almost 5 years ago Actions
Copy link
#11

Target version changed from 6.1.9 to 6.1.10

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#12

Target version changed from 6.1.10 to 6.1.11

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#13

Target version changed from 6.1.11 to 6.1.12

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#14

Target version changed from 6.1.12 to 6.1.13

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#15

Target version changed from 6.1.13 to 6.1.14

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#16

Target version changed from 6.1.14 to 6.1.15

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#17

Target version changed from 6.1.15 to 6.1.16

Updated by Vincent MEMBRÉ over 4 years ago Actions
Copy link
#18

Target version changed from 6.1.16 to 6.1.17

Updated by Vincent MEMBRÉ about 4 years ago Actions
Copy link
#19

Target version changed from 6.1.17 to 6.1.18

Updated by Vincent MEMBRÉ almost 4 years ago Actions
Copy link
#20

Target version changed from 6.1.18 to 6.1.19

Updated by Elaad FURREEDAN almost 4 years ago Actions
Copy link
#21

Translation missing: en.field_tag_list set to Sponsored

Updated by Vincent MEMBRÉ over 3 years ago Actions
Copy link
#22

Target version changed from 6.1.19 to 6.1.20

Updated by Vincent MEMBRÉ over 3 years ago Actions
Copy link
#23

Target version changed from 6.1.20 to 6.1.21

Updated by Alexis Mousset over 3 years ago Actions
Copy link
#25

Status changed from In progress to New

Updated by Alexis Mousset over 3 years ago Actions
Copy link
#26

Tracker changed from User story to Bug
UX impact set to I dislike using that feature
Suggestion strength deleted (~~Advise - This would make Rudder significantly better | easier | simpler~~)
Severity set to Major - prevents use of part of Rudder | no simple workaround
Priority set to 43

Updated by Stefan Schmitt over 3 years ago Actions
Copy link
#27

Still an issue on Rudder agent version 7.1.1 on Debian 11 (bullseye), on an unprivilegied LXC container running on Proxmox.

Updated by Nicolas CHARLES over 3 years ago Actions
Copy link
#28

It still happens, and makes the "rudder agent update" command output the error message

error: Rudder agent policies could not be updated.

Updated by Alexis Mousset over 3 years ago Actions
Copy link
#29

I'll work on this one next week or the following.

Updated by Vincent MEMBRÉ over 3 years ago Actions
Copy link
#30

Target version changed from 6.1.21 to old 6.1 issues to relocate

Updated by Alexis Mousset almost 3 years ago Actions
Copy link
#31

Target version changed from old 6.1 issues to relocate to old 6.2 issues to relocate
Priority changed from 43 to 93

Updated by Benoît PECCATTE over 2 years ago Actions
Copy link
#32

Status changed from New to In progress
Assignee changed from Alexis Mousset to Benoît PECCATTE
Priority changed from 93 to 96

Updated by Benoît PECCATTE over 2 years ago Actions
Copy link
#33

Status changed from In progress to Pending technical review
Assignee changed from Benoît PECCATTE to Alexis Mousset
Pull Request set to https://github.com/Normation/rudder-packages/pull/2719

PR https://github.com/Normation/rudder-packages/pull/2719

Updated by Benoît PECCATTE over 2 years ago Actions
Copy link
#34

Pull Request changed from https://github.com/Normation/rudder-packages/pull/2719 to https://github.com/Normation/rudder-packages/pull/2727

PR https://github.com/Normation/rudder-packages/pull/2727

Updated by Benoît PECCATTE over 2 years ago Actions
Copy link
#35

Target version changed from old 6.2 issues to relocate to 7.2.7
Regression set to No

Updated by Benoît PECCATTE over 2 years ago Actions
Copy link
#36

Status changed from Pending technical review to Pending release

Applied in changeset rudder-packages|588a68ddba0b1d0a8e40e665a4b85261813080ea.

Updated by Vincent MEMBRÉ over 2 years ago Actions
Copy link
#37

Status changed from Pending release to Released
Priority changed from 96 to 97

This bug has been fixed in Rudder 7.2.7 and 7.3.2 which were released today.

Project

General

Profile

Rudder

Custom queries

Bug #15636

Errors with Rudder agent on unprivileged containers (LXC)

Updated by Stefan Schmitt over 6 years ago ActionsCopy link #1

Updated by Alexis Mousset about 5 years ago ActionsCopy link #2

Updated by Alexis Mousset about 5 years ago ActionsCopy link #3

Updated by Alexis Mousset about 5 years ago ActionsCopy link #4

Updated by Alexis Mousset about 5 years ago ActionsCopy link #5

Updated by Vincent MEMBRÉ about 5 years ago ActionsCopy link #6

Updated by Vincent MEMBRÉ about 5 years ago ActionsCopy link #7

Updated by Mathias B. about 5 years ago ActionsCopy link #8

Updated by Vincent MEMBRÉ almost 5 years ago ActionsCopy link #9

Updated by Vincent MEMBRÉ almost 5 years ago ActionsCopy link #10

Updated by Vincent MEMBRÉ almost 5 years ago ActionsCopy link #11

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #12

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #13

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #14

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #15

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #16

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #17

Updated by Vincent MEMBRÉ over 4 years ago ActionsCopy link #18

Updated by Vincent MEMBRÉ about 4 years ago ActionsCopy link #19

Updated by Vincent MEMBRÉ almost 4 years ago ActionsCopy link #20

Updated by Elaad FURREEDAN almost 4 years ago ActionsCopy link #21

Updated by Vincent MEMBRÉ over 3 years ago ActionsCopy link #22

Updated by Vincent MEMBRÉ over 3 years ago ActionsCopy link #23

Updated by Alexis Mousset over 3 years ago ActionsCopy link #25

Updated by Alexis Mousset over 3 years ago ActionsCopy link #26

Updated by Stefan Schmitt over 3 years ago ActionsCopy link #27

Updated by Nicolas CHARLES over 3 years ago ActionsCopy link #28

Updated by Alexis Mousset over 3 years ago ActionsCopy link #29

Updated by Vincent MEMBRÉ over 3 years ago ActionsCopy link #30

Updated by Alexis Mousset almost 3 years ago ActionsCopy link #31

Updated by Benoît PECCATTE over 2 years ago ActionsCopy link #32

Updated by Benoît PECCATTE over 2 years ago ActionsCopy link #33

Updated by Benoît PECCATTE over 2 years ago ActionsCopy link #34

Updated by Benoît PECCATTE over 2 years ago ActionsCopy link #35

Updated by Benoît PECCATTE over 2 years ago ActionsCopy link #36

Updated by Vincent MEMBRÉ over 2 years ago ActionsCopy link #37