Skip to content

stork-agent should be able to determine CWD of kea or named processes

@garbled1 reported in #243:

I keep getting this in my logs:
May 11 05:55:10 pollux stork-agent[29532]: #33 (closed)[33mWARN#033[0m[2020-05-11 05:55:10]          monitor.go:159   cannot get process current working directory: readlink /proc/22855/cwd: permission denied

lrwxrwxrwx 1 bind bind 0 Apr 18 13:32 /proc/22855/cwd -> /var/cache/bind
drwxr-xr-x 9 root root 4096 Oct 12  2019 /var/cache
drwxrwxr-x 2 root bind 4096 May 11 03:19 /var/cache/bind
That is probably apparmor related?

This can be solved by adding:

AmbientCapabilities=CAP_SYS_PTRACE

to service file.

CAP_SYS_PTRACE gives permission to read /proc/<pid>/cwd

Edited by Michal Nowikowski