
Openshift Components Error when Oneagent Injected.

Dante
Mentor

Hi!

This might be a long shot, but we started to notice a few operators from OpenShift (4.5) start crashing with SELinux-related issues (permissions, exec user process caused "permission denied"). It seems something changed in the last week. I found this "new" Red Hat doc

https://access.redhat.com/solutions/5738991

With the exact error that we have:

standard_init_linux.go:210: exec user process caused "permission denied"

type=AVC msg=audit(1611274913.168:2876): avc: denied { entrypoint } for pid=3344483 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="dm-0" ino=18210275 scontext=system_u:system_r:container_t:s0:c2,c23 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0

The solution is to uninstall Dynatrace... and that is not a solution really.

The workaround I found was to disable the injection with the container rules using the namespace of the operators with problems (openshift-monitoring so far).

This started happening after the Operator for that application was updated. It's possible that the previous version of the pod was not restarted and for that, we didn't notice the error before.

PS: I did create a ticket: https://support.dynatrace.com/supportportal/browse/SUP-65923 I'm just asking in case someone already reported it before and had an answer.

4 REPLIES 4

pahofmann
Champion

We are also running into this issue. Did you find a solution or get an answer from support?

Hi Pahofmann.

There was a patch that was pushed in v1.209 for this issue regarding SELinux.

-Michael


Hi! I didn't get an alert about the question. As @michael_bonner said, the problem looks resolved as far as OA209 was installed. Operators stop crashing.

We did get reports from a client that said that it was happening randomly even with 209. But we didn't get any info/log to look any further.

The tip (client was in ARO (Azure OpenShift)) was to check the host logs for the journal entry for AVC and oneagentdynamizer. For additional info, this was ONLY happening in Go runtime pods (not only operators).

Cheers.


Customer updated now and issue was gone with agent OA 209.
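
The check from the tip above (search the host journal for AVC entries that mention oneagentdynamizer) can be scripted. This is an added example, not part of the original thread and not Dynatrace or Red Hat tooling; the function names are hypothetical, and the sample lines are constructed except for the first, which is the AVC record quoted in the question.

```python
import re

# Sample input: line 1 is the AVC record quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
type=AVC msg=audit(1611274913.168:2876): avc: denied { entrypoint } for pid=3344483 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="dm-0" ino=18210275 scontext=system_u:system_r:container_t:s0:c2,c23 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=0
type=AVC msg=audit(1611274950.001:2901): avc: denied { read } for pid=4121 comm="app" path="/var/log/app.log" dev="dm-0" ino=991 scontext=system_u:system_r:container_t:s0:c5,c9 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1611275001.500:2950): avc: denied { entrypoint } for pid=3350001 comm="runc:[2:INIT]" path="/opt/dynatrace/oneagent/agent/lib64/oneagentdynamizer" dev="dm-0" ino=18210275 scontext=system_u:system_r:container_t:s0:c7,c11 tcontext=system_u:object_r:oneagent_t:s0 tclass=file permissive=1
Jan 22 00:21:53 node1 kubelet[1200]: unrelated line
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; the type is the third field.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        rec[ctx + "_type"] = parts[2] if len(parts) > 2 else ""
    return rec


def oneagent_entrypoint_denials(text):
    """Return denials where a container_t process was refused entrypoint
    on a oneagent_t-labelled oneagentdynamizer binary."""
    hits = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if (rec and "entrypoint" in rec["perms"]
                and rec["scontext_type"] == "container_t"
                and rec["tcontext_type"] == "oneagent_t"
                and rec.get("path", "").endswith("/oneagentdynamizer")):
            # permissive=0 means the denial was enforced (the exec failed).
            rec["enforced"] = rec.get("permissive") == "0"
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in oneagent_entrypoint_denials(SAMPLE_LOG):
        print(h["pid"], h["scontext"], "enforced" if h["enforced"] else "permissive")
```

The MCS categories in `scontext` (for example `c2,c23`) differ per container, so they can help tie a denial back to the pod that crashed.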