We recently observed problems on Checkmk appliances caused by the agent mounting volumes.
This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.
For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER.
This in turn made systemd automatically mount a volume under certain circumstances.
The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.
Zur Liste aller Werks