diff options
| author | Ilya Mashchenko <ilya@netdata.cloud> | 2023-08-16 18:26:29 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-16 18:26:29 +0300 |
| commit | e3f1c5f33f4b3e1615613b93ad573d8c12158dc4 (patch) | |
| tree | 7e14cae2ff35ad962914e7fe0c2f4f4c4f10ca1e /netdata-installer.sh | |
| parent | 9b6f75e3384007c98264991b643440ff9a26617e (diff) | |
installer setuid fallback for perf and slabinfo plugins (#15807)
Diffstat (limited to 'netdata-installer.sh')
| -rwxr-xr-x | netdata-installer.sh | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/netdata-installer.sh b/netdata-installer.sh index e5fe2998bf..158fb1bebf 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -1254,6 +1254,36 @@ if [ "$(id -u)" -eq 0 ]; then fi fi + if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" ]; then + run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" + capabilities=0 + if ! iscontainer && command -v setcap 1>/dev/null 2>&1; then + run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" + if run sh -c "setcap cap_perfmon+ep \"${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin\" || setcap cap_sys_admin+ep \"${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin\""; then + capabilities=1 + fi + fi + + if [ $capabilities -eq 0 ]; then + run chmod 4750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" + fi + fi + + if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" ]; then + run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" + capabilities=0 + if ! iscontainer && command -v setcap 1>/dev/null 2>&1; then + run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" + if run setcap cap_dac_read_search+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin"; then + capabilities=1 + fi + fi + + if [ $capabilities -eq 0 ]; then + run chmod 4750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" + fi + fi + if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/freeipmi.plugin" ]; then run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/freeipmi.plugin" run chmod 4750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/freeipmi.plugin" @@ -1269,18 +1299,6 @@ if [ "$(id -u)" -eq 0 ]; then run chmod 4750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/xenstat.plugin" fi - if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" ]; then - run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" - run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin" - run sh -c "setcap cap_perfmon+ep \"${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin\" || setcap cap_sys_admin+ep \"${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/perf.plugin\"" - fi - - if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" ]; then - run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" - run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" - run setcap cap_dac_read_search+ep "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/slabinfo.plugin" - fi - if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/ioping" ]; then run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/ioping" run chmod 4750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/ioping" |