Werk #14962: Running cmk-agent-ctl leads to segfault on SELinux systems

Component Checks & agents
Title Running cmk-agent-ctl leads to segfault on SELinux systems
Date Dec 13, 2022
Checkmk Editon Checkmk Raw (CRE)
Checkmk Version 2.2.0i1 2.1.0p19
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed

When installing an RPM agent package including the agent controller (prepackaged agent package or agent bakery package), running the cmk-agent-ctl executable did fail on some systems with active SELinux. This lead to an installation without active controller, and thus without TLS encryption.

Affected systems include, but are not limited to, RHEL9 and derivates.

The root cause for this problem was that the controller was shipped as a UPX-compressed executable, which required text-relocation on execution. Further details can be found at this forum discussion: https://forum.checkmk.com/t/cmk-agent-ctl-segmentation-fault-on-rocky-linux-9/34909

To fix this problem, we now avoid to compress the agent controller with UPX. Instead, the cmk-agent-ctl executable is shipped as a gzip-archive and gets uncompressed on package installation.

You can fix your existing agent installations by updating with a new agent package. With activated automatic updates, this should happen automatically after baking agents.

To the list of all Werks