Werk #14650: mk_job: No longer mount volumes on monitored hosts
|Component||Checks & agents|
|Title||mk_job: No longer mount volumes on monitored hosts|
|Date||Oct 20, 2022|
|Checkmk Editon||Checkmk Raw (CRE)|
|Checkmk Version||2.2.0i1 2.1.0p15 2.0.0p30|
|Compatibility||Compatible - no manual interaction needed|
We recently observed problems on Checkmk appliances caused by the agent mounting volumes.
This was in turn caused by the section responsible to output the statistics created by the mk-job wrapper.
For every existing /var/lib/check_mk_agent/job/[USER] folder, the agent started a login shell for USER. This in turn made systemd automatically mount a volume under certain circumstances.
The agents use of su was a measure to prevent symlink and hardlink attacks -- this is now done differently, without the use of su.