Werk #14650: mk_job: No longer mount volumes on monitored hosts
Komponente | Checks & agents |
Titel | mk_job: No longer mount volumes on monitored hosts |
Datum | 20.10.2022 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 2.0.0p30 2.1.0p15 2.2.0b1 |
Level | Kleine Änderung |
Klasse | Bugfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
We recently observed problems on Checkmk appliances caused by the agent mounting volumes.
This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.
For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER. This in turn made systemd automatically mount a volume under certain circumstances.
The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.