Skip to content

Commit

Permalink
[Reporting] Switch Serverside Config Wrapper to NP (#62500) (#63648)
Browse files Browse the repository at this point in the history
* New config

* fix translations json

* add csv.useByteOrderMarkEncoding to schema

* imports cleanup

* restore "get default chromium sandbox disabled" functionality

* integrate getDefaultChromiumSandboxDisabled

* fix tests

* --wip-- [skip ci]

* add more schema tests

* diff prettiness

* trash legacy files that moved to NP

* create_config tests

* Hoist create_config

* better disableSandbox tests

* fix ts

* fix export

* fix bad code

* make comments better

* fix i18n

* comment

* automatically setting... logs

* replace log_configuration

* fix lint

* This is f2

* improve startup log about sandbox info

* update docs with log reference

* revert log removal

Co-authored-by: Elastic Machine <[email protected]>

Co-authored-by: Elastic Machine <[email protected]>
  • Loading branch information
tsullivan and elasticmachine authored Apr 16, 2020
1 parent 24abdd4 commit 3cd177d
Show file tree
Hide file tree
Showing 28 changed files with 709 additions and 842 deletions.
10 changes: 5 additions & 5 deletions docs/user/reporting/chromium-sandbox.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,12 @@ sandboxing techniques differ for each operating system.
The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel. However, many
distributions don't have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. {reporting}
will automatically disable the sandbox when it is running on Debian and CentOS as additional steps are required to enable
unprivileged usernamespaces. In these situations, you'll see the following message in your {kib} logs:
`Enabling the Chromium sandbox provides an additional layer of protection`.
unprivileged usernamespaces. In these situations, you'll see the following message in your {kib} startup logs:
`Chromium sandbox provides an additional layer of protection, but is not supported for your OS.
Automatically setting 'xpack.reporting.capture.browser.chromium.disableSandbox: true'.`

If your kernel is 3.8 or newer, it's
recommended to enable usernamespaces and set `xpack.reporting.capture.browser.chromium.disableSandbox: false` in your
`kibana.yml` to enable the sandbox.
Reporting will automatically enable the Chromium sandbox at startup when a supported OS is detected. However, if your kernel is 3.8 or newer, it's
recommended to set `xpack.reporting.capture.browser.chromium.disableSandbox: false` in your `kibana.yml` to explicitly enable usernamespaces.

==== Docker
When running {kib} in a Docker container, all container processes are run within a usernamespace with seccomp-bpf and
Expand Down
Loading

0 comments on commit 3cd177d

Please sign in to comment.