back to website

Werk #14650: mk_job: No longer mount volumes on monitored hosts

Component Checks & agents
Title mk_job: No longer mount volumes on monitored hosts
Date Oct 20, 2022
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.2.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p15 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p30 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

We recently observed problems on Checkmk appliances caused by the agent mounting volumes.

This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.

For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER. This in turn made systemd automatically mount a volume under certain circumstances.

The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now