Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dynatrace Guide
Dynatrace Guide

There are two workarounds that can be used on Linux to fully prevent the loading of the process module.

This can be useful for applications you don't want or need to instrument. For instance if the process module is causing crashes in some application.


LD_AUDIT environment variable

You can prevent the process module from being loaded by setting the LD_AUDIT environment variable to point to the library provided with the agent installation. This is a special "auditing" library that will be called by the Linux loader on process startup and which can then block the loading of the process module into that process. In a default full stack agent installation the correct value would be the following:




Important notes:

  • The auditing interface using the LD_AUDIT environment variable is only available on glibc based Linux systems (which covers almost all distributions except Alpine Linux)
  • The current implementation will cause the following error to be printed in the terminal: ERROR: object '/$LIB/' from /etc/ cannot be preloaded (cannot open shared object file): ignored. This is not a problem and is simply a sign that the audit library is working correctly.

Separate mount namespace

The second alternative is to run the problematic program in a separate mount namespace and mount an empty file on top of /etc/ within that namespace. This basically hides the existence of the process module from that program while having no impact on the rest of the system. This can be achieved using the unshare command (with root rights):


unshare -m -- sh -c 'mount --bind /dev/null /etc/ && <program to execute>


For a permanent effect, the customer might have to add this command to some kind of a startup script or a systemd service file. In case they don't want to start the program as root, one can extend the command to run the final program as some other user like this:


unshare -m -- sh -c 'mount --bind /dev/null /etc/ && su -c "<program to execute>" <user>'


The above command is, for example, necessary in case of a systemd service file where the user has been set to a non-root user. So a service file like this...:




... needs to be modified into something like this:


ExecStart=/usr/bin/unshare -m -- /bin/sh -c 'mount --bind /dev/null /etc/ && su -c "/path/to/binary" someuser'



Version history
Last update:
‎29 May 2023 08:07 AM
Updated by:
DynaMight Legend
DynaMight Legend

Thanks for sharing this work around @danmichael