Handle new action for switching Agent from privileged to unprivileged mode #4973
Comments
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)
I think it would be useful to do a bit of technical definition for this feature, covering not just the responsibilities of Agent but also the associated responsibilities of Fleet UI and Fleet Server so we have a holistic design in place before starting to implement this feature.
Switching the other way will technically be impossible but I agree we should make it clear from the UI when we will add this feature there.
To add some details on the technical implementation for this work. The flow of this should work as follows:
@blakerouse WDYT about replacing the ack'ing mechanism with reporting as part of the check-in payload whether the Agent is running as privileged or not, perhaps as part of the
@ycombinator Actually that would be better.
Describe the enhancement:
Elastic Agents have the ability to run in either privileged mode, i.e. with a privileged user like `root` on Linux systems, or unprivileged mode, i.e. with an unprivileged user.
Moreover, Agents running in privileged mode have the ability to switch themselves to unprivileged mode. This ability is being exposed via the Agent CLI. We now wish to expose this same ability using the Fleet UI.
For this, Agent will need to handle a new action from Fleet.
Describe a specific use case for the feature:
Security: Allowing users to reduce the privileges required to run Elastic Agent.
What is the definition of done?