-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Heartbeat] Changes to default beats directories prevent startup #2315
Comments
cc @andrewvc |
I am trying to read through all the history here to figure out what is different about Heartbeat that it doesn't work in this configuration. If I start a docker container I see every other input can successfully bind to their HTTP unix sockets:
We explicitly create the elastic-agent/pkg/component/runtime/command.go Lines 319 to 322 in fd26c38
|
Looking at elastic/beats#30869 I think this is the explanation:
|
@cmacknz Yes, that's correct. default directory used to have |
Thanks, I think the only fix is to change the permissions back to what they were then. In general we default to the most restrictive permission that seem reasonable, but we didn't consider this. In the future we may want to allow indicating what permissions a binary needs directly in the spec file to avoid this bug and having to set less restrictive permissions for directories that don't actually need it. |
Summary
Changes to default permission levels on default beat directories prevent heartbeat startup on docker container when running as
root
This is a regression of #202 and #368.
How to repro
synthetics-*
component to report as unhealthy.Comparing default directory perms betwen
8.4.3
and8.6.2
, permission changed from775
to755
in some dest:The text was updated successfully, but these errors were encountered: