[System] Mark logs-system.syslog data stream as requires root #9893

Merged
merged 3 commits into from
May 16, 2024

kpollich
Member

Proposed commit message

Mark logs-system.syslog data stream as requires root

Reading syslog files requires root, so if this data stream is in use the agent will require root privileges. Adding agent.privileges.root: true makes Fleet/Agent aware of the requirement for escalated privileges.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Run an agent with the system integration and verify it collects data when run as a root user. I don't think the majority of the non-root agent work is "wired up" so there won't be anything obvious to test at this time. See elastic/kibana#183283.

Related issues

Closes #9886

@kpollich kpollich added the enhancement New feature or request label May 16, 2024
@kpollich kpollich requested a review from a team May 16, 2024 11:55
@kpollich kpollich self-assigned this May 16, 2024
@kpollich kpollich requested review from a team as code owners May 16, 2024 11:55
@kpollich
Member Author

cc @nimarezainia

@kpollich
Member Author

Note the formatting in the diff is just the result of elastic-package check as far as I can tell, but maybe my editor autoformatted these files? I don't recall opening anything other than the main system manifest.yml and syslog/manifest.yml though so my editor didn't touch those files AFAIK. 🤷

Contributor

@juliaElastic juliaElastic left a comment

LGTM

@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

cc @kpollich

@kpollich kpollich merged commit 666c108 into main May 16, 2024
5 checks passed
@elasticmachine

Package system - 1.58.0 containing this change is available at https://epr.elastic.co/search?package=system

Successfully merging this pull request may close these issues.

[System package] System package should indicate that it required root privilages to read system.log file