Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v3] Can not get mountinfo on android #1159

Closed
1 task done
shirou opened this issue Oct 21, 2021 · 9 comments · Fixed by #1270
Closed
1 task done

[v3] Can not get mountinfo on android #1159

shirou opened this issue Oct 21, 2021 · 9 comments · Fixed by #1270
Assignees
@shirou
Labels
os:linux package:disk

Comments

@shirou
Copy link
Owner

shirou commented Oct 21, 2021

Describe the bug

#1133 changes getting mountinfo source from /proc/self/mountinfo to /proc/1/mountinfo in order to adapt container. However, from this report by @tmm1(thank you!) , Android can not read /proc/1/mountinfo because of Permission denied.

Expected behavior

success to get mountinfo.

Environment (please complete the following information):

  • Linux: [paste contents of /etc/os-release and the result of uname -a]

android

Additional context

Perhaps, we should add "fallback" to use /proc/self/mountinfo if error happened.
@shirou shirou self-assigned this Oct 21, 2021
@shirou shirou mentioned this issue Oct 21, 2021
Merged
@Lomanic Lomanic mentioned this issue Jan 1, 2022
Closed
5 tasks
@Lomanic
Copy link
Collaborator

Lomanic commented Jan 1, 2022

#1133 broke more than just Android apps, but also apps running as unprivileged users on systems with procfs mounted with hidepid=2, see #1212.

This was referenced Jan 4, 2022
Closed
Closed
@cbos
Copy link

cbos commented Mar 3, 2022

@shirou

We face the same issue with Telegraf, see influxdata/telegraf#10357

We applied the CIS Hardening rules by running https://github.com/dev-sec/ansible-collection-hardening
Due to that hidepid is now applied. Since that moment the disk info about disk usage is not available anymore.
hidepid is a common security measure, see https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/ for more info.

In the troubleshouting section of the disk plugin (https://github.com/influxdata/telegraf/tree/master/plugins/inputs/disk#troubleshooting) there is described to test this:
sudo -u telegraf cat /proc/self/mounts and that works fine.

So using /proc/self instead of /proc/1 would solve the problem.

As this project is used as upstream project, this block some functionality of Telegraf as well.
Hopefully it can be fixed soon.

@shirou shirou mentioned this issue Mar 5, 2022
Merged
@shirou
Copy link
Owner Author

shirou commented Mar 5, 2022

#1270 created. Could you check by using that PR?

@cbos
Copy link

cbos commented Mar 5, 2022

@shirou
Thanks for fixing this. I quickly checked the code changes and that looks good to me as far as I can see.

@powersj
What would be quick way I can validate this with telegraf?

@powersj
Copy link
Contributor

powersj commented Mar 7, 2022

I ran:

GOPROXY=direct go get -u github.com/shirou/gopsutil/v3@feature/disk_add_fallback_to_self_mountinfo

Which upgraded the gopsutil dependency to the branch with the fix. I have put up a PR here, which should have some artifacts attached to it shortly that you can then try out.

@cbos
Copy link

cbos commented Mar 8, 2022

@shirou @powersj
I tested the new version available in the PR, and that solved the problem. I can read the data again.

@shirou
Copy link
Owner Author

shirou commented Mar 8, 2022

#1270 has been merged. Thank you for confirming!

@cbos
Copy link

cbos commented Mar 8, 2022

@shirou
Thanks for fixing!
When do you expect a new release is available with this fix included?

@Lomanic
Copy link
Collaborator

Lomanic commented Mar 8, 2022

gopsutil releases are monthly @cbos https://github.com/shirou/gopsutil#tag-semantics

This was referenced Mar 9, 2022
Closed
Closed
jdstrand added a commit to jdstrand/gopsutil that referenced this issue Mar 9, 2022
@jdstrand
[disk][linux] add SELF_MOUNTINFO to use /proc/self
514d2a8 
The changes to gopsutil for reading /proc/1/mountinfo affected
applications running under restricted environments that disallows access
to /proc/1/mountinfo. shirou#1159 was filed for android but other restricted
environments are also affected (eg, snaps)). The fix for shirou#1159 addressed
the application behavior to work under confinement for non-android as
well. However, depending on the system, the attempt to read
/proc/1/mountinfo could cause a sandbox denial in the logs which can be
quite noisy if using gopsutil as part of a monitoring solution that
polls often.

This introduces the SELF_MOUNTINFO to force reading from /proc/self
instead of first trying /proc/1. When unset or set to anything other
than '1', retain the current behavior with fallback. This allows people
to set SELF_MOUNTINFO=1 when gopsutil is running under these restricted
environments.
@jdstrand jdstrand mentioned this issue Mar 9, 2022
Merged
jdstrand added a commit to jdstrand/gopsutil that referenced this issue Mar 29, 2022
@jdstrand
[disk][linux] add HOST_PROC_MOUNTINFO, closes shirou#1271
9e6e627 
The changes to gopsutil for reading /proc/1/mountinfo affected
applications running under restricted environments that disallows access
to /proc/1/mountinfo. shirou#1159 was filed for android but other restricted
environments are also affected (eg, snaps)). The fix for shirou#1159 addressed
the application behavior to work under confinement for non-android as
well. However, depending on the system, the attempt to read
/proc/1/mountinfo could cause a sandbox denial in the logs which can be
quite noisy if using gopsutil as part of a monitoring solution that
polls often.

This introduces HOST_PROC_MOUNTINFO to force reading from the parent dir
of the specified path instead of first trying /proc/1. When unset,
retain the current behavior with fallback. This allows people, for
example, to set HOST_PROC_MOUNTINFO=/proc/self/mountinfo when gopsutil
is running under these restricted environments.

This change updates the private readMountFile() to use a root path
instead of a root subpath, and adjusts PartitionsWithContext() to set
the root path to /proc/1 initially and falling back to /proc/self. When
HOST_PROC_MOUNTINFO is not empty, set the root path to the parent
directory of HOST_PROC_MOUNTINFO.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shirou shirou

Labels
os:linux package:disk
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[disk][linux] add fallback to /proc/self shirou/gopsutil
4 participants
@shirou @cbos @Lomanic @powersj