New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change the workflow on how we set the right permissions for perf-plugin #16558
Conversation
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud>
I will spin up test envs for the 3 cases
|
@tkatsoulas I think it looks good now and will work. A minor note: we don't if ! first && ! second; then
action
fi if that is not a big deal nvm, lgtm. |
It’s generally not recommended to echo stuff there, but it’s not a major issue in most cases either. |
…in (netdata#16558) * Change the workflow on how we set the right permissions Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Add a failsafe in case fail to set the cap_perfmon Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * add EOF new line Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Fix workflow Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * minor spelling Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * we made it odyssey Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Apply suggestion from code review Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Tidy-up postinst script. --------- Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> Co-authored-by: Austin S. Hemmelgarn <austin@netdata.cloud> (cherry picked from commit e8a12b3)
…in (#16558) * Change the workflow on how we set the right permissions Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Add a failsafe in case fail to set the cap_perfmon Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * add EOF new line Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Fix workflow Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * minor spelling Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * we made it odyssey Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Apply suggestion from code review Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> * Tidy-up postinst script. --------- Signed-off-by: Tasos Katsoulas <tasos@netdata.cloud> Co-authored-by: Austin S. Hemmelgarn <austin@netdata.cloud> (cherry picked from commit e8a12b3)
Summary
The current workflow has a flaw, the post installation script tries to set capabilities without making sure that the system supports them, so the script fails.
The new workflow follows the least privileged approach. Uses the
CAP_PERFMON
in systems that support it and if it fails to setCAP_SYS_ADMIN
then sets the setuid bit.Test Plan
On a deb based environment without support for CAPS
installation must finish without errors
Closes #16556