Plugin docker_: reduce permissions of plugin

root privileges are not required for sending queries to the docker socket. Instead the group "docker" should be sufficient. Additionally replace /var/run with /run (following updates of FHS).
munin-monitoring · Feb 22, 2021 · 7ac8508 · 7ac8508
1 parent 807f15b
commit 7ac8508
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/plugins/docker/docker_ b/plugins/docker/docker_
@@ -59,12 +59,15 @@ Would exclude all containers with the word "runner" in the name.
 =over 2
 
     [docker_*]
-    user root
-    env.DOCKER_HOST unix://var/run/docker.sock
+    group docker
+    env.DOCKER_HOST unix://run/docker.sock
     env.EXCLUDE_CONTAINER_NAME regexp
 
 =back
 
+You may need to pick a different group depending on the name schema of your
+distribution.  Or maybe use "user root", if nothing else works.
+
 =head1 AUTHORS
 
 This section has been reverse-engineered from git logs