firewall-drop can't remove lock folder in unprivileged LXC container #23370

Open
RichardTUB opened this issue May 10, 2024 · 1 comment

RichardTUB commented May 10, 2024

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.7.3#40714 and 4.7.4 | Active response | Agent | Packages | Debian GNU/Linux 12.5 (in LXC Container) |

The firewall-drop active response stops working shortly after it's activated. The first IP gets banned (but never unbanned), and after that, banning doesn't work at all.
logs/active-responses.log:

```
2024/05/03 15:04:18 active-response/bin/firewall-drop: Starting
2024/05/03 15:04:18 active-response/bin/firewall-drop: {"version":1,"origin":{"name":"manager_01","module":"wazuh-execd"},"command":"add","parameters":{[...],"program":"active-response/bin/firewall-drop"}}

2024/05/03 15:04:18 active-response/bin/firewall-drop: {"version":1,"origin":{"name":"firewall-drop","module":"active-response"},"command":"check_keys","parameters":{[...],"program":"active-response/bin/firewall-drop"}}

2024/05/03 15:04:18 active-response/bin/firewall-drop: Unable to remove lock folder
2024/05/03 15:04:18 active-response/bin/firewall-drop: Ended

2024/05/03 15:49:37 active-response/bin/firewall-drop: Starting
2024/05/03 15:49:37 active-response/bin/firewall-drop: {"version":1,"origin":{"name":"manager_01","module":"wazuh-execd"},"command":"add","parameters":{[...],"program":"active-response/bin/firewall-drop"}}

2024/05/03 15:49:37 active-response/bin/firewall-drop: {"version":1,"origin":{"name":"firewall-drop","module":"active-response"},"command":"check_keys","parameters":{[...],"program":"active-response/bin/firewall-drop"}}

2024/05/03 16:00:02 active-response/bin/firewall-drop: Unable to kill process 731069 holding lock.
2024/05/03 16:00:02 active-response/bin/firewall-drop: Unable to remove lock folder
2024/05/03 16:00:02 active-response/bin/firewall-drop: Unable to take lock. End.
[...]
```

Here are the permissions of the active-response/bin folder:

```
root@xxx:/var/ossec# ls -la active-response/bin/
total 193
drwxr-x--- 3 root wazuh    18 May  3 15:04 .
drwxr-x--- 3 root wazuh     3 Apr 19 09:23 ..
-rwxr-x--- 1 root wazuh 21352 Feb 29 14:04 default-firewall-drop
-rwxr-x--- 1 root wazuh 19304 Feb 29 14:04 disable-account
-rwxr-x--- 1 root wazuh 19304 Feb 29 14:04 firewalld-drop
-rwxr-x--- 1 root wazuh 21352 Feb 29 14:04 firewall-drop
d---r-x--- 2 root wazuh     3 May  3 15:04 fw-drop !!!!!!!!!!!!!!!!!!!!!!!!!!
-rwxr-x--- 1 root wazuh 19328 Feb 29 14:04 host-deny
-rwxr-x--- 1 root wazuh 17360 Feb 29 14:04 ip-customblock
-rwxr-x--- 1 root wazuh 17992 Feb 29 14:04 ipfw
-rwxr-x--- 1 root wazuh 16840 Feb 29 14:04 kaspersky
-rwxr-x--- 1 root wazuh 14429 Feb 29 14:04 kaspersky.py
-rwxr-x--- 1 root wazuh 17744 Feb 29 14:04 npf
-rwxr-x--- 1 root wazuh 19312 Feb 29 14:04 pf
-rwxr-x--- 1 root wazuh   695 Feb 29 14:04 restart.sh
-rwxr-x--- 1 root wazuh 16360 Feb 29 14:04 restart-wazuh
-rwxr-x--- 1 root wazuh 17120 Feb 29 14:04 route-null
-rwxr-x--- 1 root wazuh 19272 Feb 29 14:04 wazuh-slack

root@xxx:/var/ossec# ls -la active-response/bin/fw-drop/
total 10
d---r-x--- 2 root wazuh  3 May  3 15:04 .
drwxr-x--- 3 root wazuh 18 May  3 15:04 ..
-rw-r--r-- 1 root wazuh  6 May  3 15:04 pid
```

The permissions of the lock folder are 050; I guess that might be the reason the deletion of the folder fails.
I tried deleting the folder, but the active response seems to recreate it with the same permissions.

The system is an unprivileged LXC container. The root user can't delete/modify arbitrary files, it can only delete/modify files it has permissions for, like a regular user.

RichardTUB (Author) commented:

Upgraded agent to v4.7.4, but problem persists.

@RichardTUB RichardTUB changed the title firewall-drop can't remove lock folder firewall-drop can't remove lock folder in unprivileged LXC container May 28, 2024