Remove broken options runoptions.uid and runoptions.gid (elastic#5261) (

elastic#5309) These were meant to allow dropping privileges in Packetbeat, but they no longer worked for a good while (since Golang 1.4). As shown in elastic#3542, a better way of running Packetbeat as a non-root user is to use capabilities: setcap cap_net_raw,cap_net_admin=eip packetbeat Closes elastic#3542. (cherry picked from commit 7fd75b5)
leweafan · Oct 4, 2017 · 637f0f3 · 637f0f3
1 parent 6cc71cc
commit 637f0f3
Show file tree

Hide file tree

Showing 7 changed files with 2 additions and 92 deletions.
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -24,6 +24,8 @@ https://github.com/elastic/beats/compare/v6.0.0-rc1...master[Check the HEAD diff
 
 *Packetbeat*
 
+- Remove not-working `runoptions.uid` and `runoptions.gid` options in Packetbeat. {pull}5261[5261]
+
 *Winlogbeat*
 
 ==== Bugfixes

diff --git a/libbeat/common/droppriv/droppriv_unix.go b/libbeat/common/droppriv/droppriv_unix.go
diff --git a/libbeat/common/droppriv/droppriv_windows.go b/libbeat/common/droppriv/droppriv_windows.go
diff --git a/packetbeat/beater/packetbeat.go b/packetbeat/beater/packetbeat.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/elastic/beats/libbeat/beat"
 	"github.com/elastic/beats/libbeat/common"
-	"github.com/elastic/beats/libbeat/common/droppriv"
 	"github.com/elastic/beats/libbeat/logp"
 	"github.com/elastic/beats/libbeat/processors"
 	"github.com/elastic/beats/libbeat/service"
@@ -177,11 +176,6 @@ func (pb *packetbeat) Run(b *beat.Beat) error {
 		}
 	}()
 
-	// This needs to be after the sniffer Init but before the sniffer Run.
-	if err := droppriv.DropPrivileges(pb.config.RunOptions); err != nil {
-		return err
-	}
-
 	defer pb.transPub.Stop()
 	if pb.flows != nil {
 		pb.flows.Start()

diff --git a/packetbeat/config/config.go b/packetbeat/config/config.go
@@ -4,7 +4,6 @@ import (
 	"time"
 
 	"github.com/elastic/beats/libbeat/common"
-	"github.com/elastic/beats/libbeat/common/droppriv"
 	"github.com/elastic/beats/libbeat/processors"
 	"github.com/elastic/beats/packetbeat/procs"
 )
@@ -17,7 +16,6 @@ type Config struct {
 	Procs           procs.ProcsConfig         `config:"procs"`
 	IgnoreOutgoing  bool                      `config:"ignore_outgoing"`
 	ShutdownTimeout time.Duration             `config:"shutdown_timeout"`
-	RunOptions      droppriv.RunOptions
 }
 
 type InterfacesConfig struct {

diff --git a/packetbeat/docs/configuring-howto.asciidoc b/packetbeat/docs/configuring-howto.asciidoc
@@ -34,7 +34,6 @@ The following topics describe how to configure Packetbeat:
 * <<configuration-dashboards>>
 * <<configuration-template>>
 * <<configuration-logging>>
-* <<configuration-run-options>>
 * <<using-environ-vars>>
 * <<yaml-tips>>
 
@@ -63,8 +62,6 @@ include::../../libbeat/docs/setup-config.asciidoc[]
 
 include::../../libbeat/docs/loggingconfig.asciidoc[]
 
-include::./runconfig.asciidoc[]
-
 :standalone:
 include::../../libbeat/docs/shared-env-vars.asciidoc[]
 

diff --git a/packetbeat/docs/runconfig.asciidoc b/packetbeat/docs/runconfig.asciidoc