08 Feb 2021 09:15 PM - last edited on 27 Mar 2023 08:47 AM by MaciejNeumann
Hi!
This might be a long shot, but we started to notice a few operators from Openshift (4.5) start crashing with Selinux Related Issues (Permissions, exec user process caused "permission denied"). It seems something changed in the last week. I found this "New" RedHat doc
https://access.redhat.com/solutions/5738991
With the exact error that we have:
standard_init_linux.go:210: exec user process caused "permission denied"
type=AVC msg=audit(1611274913.168:2876): avc: denied { entrypoint } for pid=3344483 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="dm-0" ino=18210275 scontext=system_u:system_r:container_t:s0:c2,c23 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
The solution is to uninstall Dynatrace... and that is not a solution really.
The workaround I found was to disable the injection with the container rules using the namespace of the operators with problems (openshift-monitoring so far).
This started happening after the Operator for that application was updated. It's possible that the previous version of the pod was not restarted and for that, we didn't notice the error before.
ps: I did create a ticket. I'm just asking in case someone already report it before and had an answer.
Solved! Go to Solution.
26 Mar 2021 12:40 PM
We are also running into this issue. Did you find a solution or got an answer from support?
26 Mar 2021 07:18 PM
Hi Pahofmann.
There was a patch that was pushed in v1.209 for this issue regarding SELinux.
-Michael
28 Apr 2021 04:51 PM
Hi! didn't get an alert about the question. As @michael_bonner said the problem looks resolved as far as OA209 was installed. Operators stop crashing.
We did get reports from a client that said that it was happening.. randomly even with 209. But why didn't get any info/log to look any further.
The tip (Client was in ARO (Azure Openshift)) was the host logs and check for the journal entry for AVC and oneagentdynamizer. For additional info, this was ONLY happening in GO runtime pods (Not only operators).
Cheers.
28 Apr 2021 05:36 PM
Customer updated now and issue was gone with agent OA 209.