Werk #14650: mk_job: No longer mount volumes on monitored hosts

Komponente Checks & agents
Titel mk_job: No longer mount volumes on monitored hosts
Datum 20.10.2022
Checkmk-Editon Checkmk Raw (CRE)
Checkmk-Version 2.2.0i1 2.1.0p15 2.0.0p30
Level Kleine Änderung
Klasse Bugfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen

We recently observed problems on Checkmk appliances caused by the agent mounting volumes.

This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.

For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER. This in turn made systemd automatically mount a volume under certain circumstances.

The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.

Zur Liste aller Werks