Starting Netdata logs errors about missing CAP_DAC_READ_SEARCH on the debugfs.plugin (see below). Reproducible: Always Steps to Reproduce: 1. systemctl start netdata 2. journalctl -u netdata.service -p err Actual Results: debugfs.plugin[123]: debugfs.plugin should run with CAP_DAC_READ_SEARCH. debugfs.plugin[123]: debugfs.plugin should either run as root (now running with uid 290, euid 290) or have special capabilities. Without these, debugfs.plugin cannot access /sys/kernel/debug. To enable capabilities run: sudo setcap cap_dac_read_search,cap_sys_ptrace+ep /usr/libexec/netdata/plugins.d/debugfs.plugin; To enable setuid to root run: sudo chown root:netdata /usr/libexec/netdata/plugins.d/debugfs.plugin; sudo chmod 4750 /usr/libexec/netdata/plugins.d/debugfs.plugin; Expected Results: No errors should be logged. This can be fixed by replacing FILECAPS=( 'cap_dac_read_search,cap_sys_ptrace+ep' 'usr/libexec/netdata/plugins.d/apps.plugin' ) with FILECAPS=( 'cap_dac_read_search,cap_sys_ptrace+ep' 'usr/libexec/netdata/plugins.d/apps.plugin' 'usr/libexec/netdata/plugins.d/debugfs.plugin' )
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a663b4e963993b37712867ebddf2d583fc66df06 commit a663b4e963993b37712867ebddf2d583fc66df06 Author: Craig Andrews <candrews@gentoo.org> AuthorDate: 2023-08-21 13:24:07 +0000 Commit: Craig Andrews <candrews@gentoo.org> CommitDate: 2023-08-21 13:25:43 +0000 net-analyzer/netdata: add 1.42.1 Closes: https://bugs.gentoo.org/912345 Signed-off-by: Craig Andrews <candrews@gentoo.org> net-analyzer/netdata/Manifest | 1 + net-analyzer/netdata/netdata-1.42.1.ebuild | 163 +++++++++++++++++++++++++++++ net-analyzer/netdata/netdata-9999.ebuild | 6 +- 3 files changed, 168 insertions(+), 2 deletions(-)
