SubsystemMountpoints() can return wrong V2 path for non-root container environments #139

Closed
fearful-symmetry opened this issue Apr 10, 2024 · 0 comments · Fixed by #136
Labels
bug Something isn't working Team:Elastic-Agent Label for the Agent team

Comments

@fearful-symmetry
Right now, SubsystemMountpoints() will calculate the V2 mountpoint by iterating through /proc/self/mountpoints and updating the V2Loc as it finds it in the file, ending with the last result. Problem is, some mountpoints files look like this:

```
1682 1681 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,seclabel
1718 1686 0:26 / /hostfs/sys/fs/cgroup rw,nosuid,nodev,noexec,relatime master:4 - cgroup2 cgroup2 rw,seclabel
1771 1770 0:26 / /hostfs/var/lib/docker/overlay2/1b570230fa3ec3679e354b0c219757c739f91d774ebc02174106488606549da0/merged/sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,seclabel
```

In this case, the last mountpoint is /hostfs/var/lib/docker/overlay2/1b570230fa3ec3679e354b0c219757c739f91d774ebc02174106488606549da0/merged/sys/fs/cgroup

Problem is, this is a docker overlayfs path, and if the container is running as non-root --user=whomever, then we can't read from this file.

The hostfs path works fine:

```
cat /hostfs/sys/fs/cgroup/user.slice/user-1000.slice/session-1763.scope/io.pressure
some avg10=0.00 avg60=0.00 avg300=0.00 total=2256657
full avg10=0.00 avg60=0.00 avg300=0.00 total=1667639
```
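
The selection problem described above, as an added example that is not the project's code or the fix in #136: it parses the three quoted lines, shows the last-match result, and contrasts it with a hypothetical policy that keeps only mounts under the hostfs prefix that pass a readability probe. `PickReadable`, the probe and the function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed input: the three mount lines quoted in the issue.
const sampleMountinfo = `1682 1681 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,seclabel
1718 1686 0:26 / /hostfs/sys/fs/cgroup rw,nosuid,nodev,noexec,relatime master:4 - cgroup2 cgroup2 rw,seclabel
1771 1770 0:26 / /hostfs/var/lib/docker/overlay2/1b570230fa3ec3679e354b0c219757c739f91d774ebc02174106488606549da0/merged/sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,seclabel`

// Cgroup2Mounts returns the mount point (5th field) of every cgroup2 entry, in file order.
func Cgroup2Mounts(mountinfo string) (mounts []string) {
	for _, line := range strings.Split(mountinfo, "\n") {
		// Optional fields (e.g. master:4) vary in number; " - " terminates them.
		pre, post, found := strings.Cut(line, " - ")
		left, right := strings.Fields(pre), strings.Fields(post)
		if found && len(left) >= 5 && len(right) >= 1 && right[0] == "cgroup2" {
			mounts = append(mounts, left[4])
		}
	}
	return mounts
}

// LastMatch reproduces the behaviour the issue describes: the final entry wins.
func LastMatch(mounts []string) (loc string) {
	for _, m := range mounts {
		loc = m // overwritten on every hit
	}
	return loc
}

// PickReadable is a hypothetical policy: shortest mount under hostfs that passes the probe.
func PickReadable(mounts []string, hostfs string, readable func(string) bool) (best string) {
	for _, m := range mounts {
		ok := strings.HasPrefix(m, hostfs+"/") && readable(m)
		if ok && (best == "" || len(m) < len(best)) {
			best = m
		}
	}
	return best
}

func main() {
	mounts := Cgroup2Mounts(sampleMountinfo)
	probe := func(p string) bool { return !strings.Contains(p, "/overlay2/") } // stand-in for a real read check
	fmt.Println(LastMatch(mounts), "->", PickReadable(mounts, "/hostfs", probe))
}
```

In a real collector the probe would attempt an actual read (for example listing the directory) as the container's user rather than matching on the path string.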
fearful-symmetry added the bug label Apr 10, 2024
fearful-symmetry added a commit that referenced this issue Apr 18, 2024
…tainer (#140)

## What does this PR do?
Closes elastic/beats#38241

This adds a lightweight test framework that runs a set of system tests
under a container with the goal of monitoring the host system. The goal
with these tests is to catch the numerous edge cases that happen when
the system metrics function from a `/hostfs` path inside a container.

The tests have a fairly large matrix of configurations, as we need to
test both a wide variety of container permission settings, as well as
differences in how linux distros will configure cgroups.

The framework here was designed with the goal of being relatively
idiomatic; you can just run the framework with `go test` as you would
normally.

You can run the tests yourself with `go test -v ./tests`

As you may have noticed, there's a non-zero amount of TODO statements
here, since these tests were built to aggravate a bunch of existing
bugs, so certain parts of the tests will remain un-implemented until
those bugs are fixed.

## Why is it important?

See elastic/beats#38241, we really need tests
for this particular case.

## List of bugs that are responsible for TODO statements in the tests:

- #141
- #135
- #139
- #132
- elastic/go-sysinfo#12

## Checklist

- [x] My code follows the style guidelines of this project
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have added tests that prove my fix is effective or that my
feature works
- [ ] I have added an entry in `CHANGELOG.md`
pierrehilbert added the Team:Elastic-Agent label Apr 22, 2024