Bug#921409: netdata: plugins can't sudo without CAP_AUDIT_WRITE

2019-02-04 Thread Nye Liu

Correction:

Have to add cap to /lib/systemd/system/netdata.service. Change

CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW


to

CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE




Bug#921409: netdata: plugins can't sudo without CAP_AUDIT_WRITE

2019-02-04 Thread Nye Liu

Package: netdata
Version: 1.11.1+dfsg-7
Severity: normal

Without CAP_AUDIT_WRITE, plugins that try to sudo will fail with

PAM audit_log_acct_message() failed: Operation not permitted

The fix is

sudo setcap cap_audit_write+ep /usr/sbin/netdata

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages netdata depends on:
ii  netdata-core  1.11.1+dfsg-7
ii  netdata-plugins-bash  1.11.1+dfsg-7
ii  netdata-web   1.11.1+dfsg-7

Versions of packages netdata recommends:
ii  netdata-plugins-nodejs  1.11.1+dfsg-7
ii  netdata-plugins-python  1.11.1+dfsg-7

netdata suggests no packages.

-- debconf information excluded
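
Added example, not part of the original report or of the netdata package: a shell check that decodes the CapBnd mask a process reports in /proc/<pid>/status and lists which capabilities from the corrected CapabilityBoundingSet= line are absent from it. The function names and the sample status text are constructed for illustration; the bit numbers are those defined in <linux/capability.h>.

```shell
# Capability bit numbers from <linux/capability.h>.
cap_bit() {
    case "$1" in
        CAP_DAC_READ_SEARCH) echo 2 ;;
        CAP_SETGID)          echo 6 ;;
        CAP_SETUID)          echo 7 ;;
        CAP_NET_RAW)         echo 13 ;;
        CAP_SYS_PTRACE)      echo 19 ;;
        CAP_AUDIT_WRITE)     echo 29 ;;
        *) return 1 ;;
    esac
}

# Print the CapBnd hex mask found in /proc/<pid>/status text on stdin.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2; found = 1 } END { exit !found }'
}

# has_cap HEXMASK CAP_NAME: exit 0 if that capability's bit is set.
has_cap() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# missing_caps HEXMASK CAP...: print each named capability absent from the mask.
missing_caps() {
    mask=$1; shift
    for cap in "$@"; do
        has_cap "$mask" "$cap" || printf '%s\n' "$cap"
    done
}

# Constructed sample: status lines for a process started with the original
# CapabilityBoundingSet (bits 2, 6, 7, 13, 19 give mask 0x820c4).
SAMPLE_STATUS='Name:	netdata
CapEff:	0000000000000000
CapBnd:	00000000000820c4'

# The set named in the corrected unit file from this thread.
WANTED='CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE'

check_sample() {
    mask=$(printf '%s\n' "$SAMPLE_STATUS" | capbnd_from_status) || return 1
    missing_caps "$mask" $WANTED
}

check_sample   # prints: CAP_AUDIT_WRITE
```

On a live host, pipe the running netdata process's /proc/<pid>/status into capbnd_from_status after restarting the service; an empty result from missing_caps means the bounding set now includes everything the unit file names.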