Package: netdata
Version: 1.9.0+dfsg-1

Dear maintainer,

When installing netdata in a (LXD) container I noticed the setcap call
would fail during postinst.

I believe this is because file capabilities can only be set in the
original namespace unless you run a 4.14+ kernel which includes [1].

Please consider the attached patch that will gracefully fall back to
setuid apps.plugin in case of setcap failure. Upstream does something
similar [2].

Regards,
Simon

1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db6c34f1dbc8e06aa016a9b829b06902c3e1340
2: https://github.com/firehol/netdata/blob/master/netdata-installer.sh#L822
diff -Nru netdata-1.9.0+dfsg/debian/netdata.postinst.in netdata-1.9.0+dfsg/debian/netdata.postinst.in
--- netdata-1.9.0+dfsg/debian/netdata.postinst.in	2018-01-26 23:57:51.000000000 +0000
+++ netdata-1.9.0+dfsg/debian/netdata.postinst.in	2018-01-28 23:20:51.000000000 +0000
@@ -23,7 +23,8 @@
         fi
 
         chown -R root:netdata /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d
-        setcap cap_dac_read_search,cap_sys_ptrace+ep /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin
+        setcap cap_dac_read_search,cap_sys_ptrace+ep /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin || \
+          chmod 4754 /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin
         chown netdata:adm /var/log/netdata
         chmod 02750 /var/log/netdata
 
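Review bot: The `|| chmod 4754` fallback on the setcap line runs on any non-zero exit from setcap, not only the container case from the report, and it does so without telling the admin. Because the preceding `chown -R root:netdata` leaves apps.plugin owned by root, mode 4754 makes it setuid root and executable by group netdata, which replaces the two capabilities (cap_dac_read_search, cap_sys_ptrace) with full root privileges. Please print a warning to stderr in the fallback branch stating that the setuid mode was applied, and add a comment in the postinst explaining why the fallback exists so the wider privilege is a visible, documented choice.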
