Werk #14650: mk_job: No longer mount volumes on monitored hosts

Component Checks & agents
Title mk_job: No longer mount volumes on monitored hosts
Date Oct 20, 2022
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.0.0p30 2.1.0p15 2.2.0b1
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed

We recently observed problems on Checkmk appliances caused by the agent mounting volumes.

This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.

For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER. This in turn made systemd automatically mount a volume under certain circumstances.

The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.

To the list of all Werks