Package: netdata Version: 1.9.0+dfsg-1 Dear maintainer,
When installing netdata in a (LXD) container I noticed the setcap call would fail during postinst. I believe this is because file capabilities can only be set in the original namespace unless you run a 4.14+ kernel which includes [1]. Please consider the attached patch that will gracefully fallback to setuid apps.plugin in case of setcap failure. Upstream does something similar [2]. Regards, Simon 1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db6c34f1dbc8e06aa016a9b829b06902c3e1340 2: https://github.com/firehol/netdata/blob/master/netdata-installer.sh#L822
diff -Nru netdata-1.9.0+dfsg/debian/netdata.postinst.in netdata-1.9.0+dfsg/debian/netdata.postinst.in
--- netdata-1.9.0+dfsg/debian/netdata.postinst.in 2018-01-26 23:57:51.000000000 +0000
+++ netdata-1.9.0+dfsg/debian/netdata.postinst.in 2018-01-28 23:20:51.000000000 +0000
@@ -23,7 +23,8 @@
fi
chown -R root:netdata /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d
- setcap cap_dac_read_search,cap_sys_ptrace+ep /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin
+ setcap cap_dac_read_search,cap_sys_ptrace+ep /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin || \
+ chmod 4754 /usr/lib/@DEB_HOST_MULTIARCH@/netdata/plugins.d/apps.plugin
chown netdata:adm /var/log/netdata
chmod 02750 /var/log/netdata
signature.asc
Description: OpenPGP digital signature
