-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Plugin] Detect copy operations without the adequate access rights #1867
Conversation
Here's an example inside a LXD container with no access to
Instead of throwing a raise exception in the form of a traceback:
|
After many re-consideration from my part, I have switched from log_error to log_warn and changed/refined the msg to the following:
|
lxd source pkg explaining why binfmt is permission denied during sosreport run inside a lxd container. lxd/apparmor.go
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1.
For completeness this goes from:
Starting 47/54 system [Running: processor scsi services system] caught exception in plugin method "system.collect()"
caught exception in plugin method "system.collect()"
writing traceback to sos_logs/system-plugin-errors.txt
writing traceback to sos_logs/system-plugin-errors.txt
Finishing plugins [Running: system]
To:
Starting 47/54 system [Running: networking processor services system] [plugin:system] _copy_dir: '/proc/sys/fs' Permission denied likely due to Linux Security Modules (LSM) restrictions
Finishing plugins [Running: systemd]
Much nicer!
@bmr-cymru @pmoravec @TurboTurtle I would like to request a review from you guys when time permit. This make the user experience nicer IMHO. Instead of letting |
(e.g. apparmor restriction for '/proc/sys/fs/binfmt' inside a LXD container) Fix: #1662 Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me. Not sure of proper phrase of the error msg (despite this is what I roughly suggested), but that can be subjective.
Likely due to Linux Security Modules such as apparmor, selinux, ...
Fix: #1662
Signed-off-by: Eric Desrochers eric.desrochers@canonical.com
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines
Closes: #ISSUENUMBER
included in an independent line?Resolves: #PRNUMBER
included in an independent line?