From e46bc3535019ac598bdecdaa04ba96cc6bb66c18 Mon Sep 17 00:00:00 2001 From: Denis Date: Fri, 5 Jul 2024 19:55:55 +0200 Subject: [PATCH] Fix wrong binary for setting capabilities (#5070) Since we transitioned to `agentbeat` we now need to use `setcap` on a different binary. --- changelog/fragments/1720195309-add-agentbeat-capabilities.yaml | 3 +++ .../packaging/templates/docker/Dockerfile.elastic-agent.tmpl | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 changelog/fragments/1720195309-add-agentbeat-capabilities.yaml diff --git a/changelog/fragments/1720195309-add-agentbeat-capabilities.yaml b/changelog/fragments/1720195309-add-agentbeat-capabilities.yaml new file mode 100644 index 00000000000..fe16bf50217 --- /dev/null +++ b/changelog/fragments/1720195309-add-agentbeat-capabilities.yaml @@ -0,0 +1,3 @@ +kind: bug-fix +summary: Use setcap on a correct agentbeat binary +component: "elastic-agent" diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 81fab29041a..67a964dbd9a 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -144,7 +144,7 @@ RUN mkdir /app && \ {{- end }} # Keep this after any chown command, chown resets any applied capabilities -RUN setcap cap_net_raw,cap_setuid+p {{ $beatHome }}/data/elastic-agent-{{ commit_short }}/components/heartbeat && \ +RUN setcap cap_net_raw,cap_setuid+p {{ $beatHome }}/data/elastic-agent-{{ commit_short }}/components/agentbeat && \ {{- if .linux_capabilities }} # Since the beat is stored at the other end of a symlink we must follow the symlink first # For security reasons setcap does not support symlinks. This is smart in the general case @@ -240,4 +240,3 @@ RUN echo -e '#!/bin/sh\nexec /usr/local/bin/docker-entrypoint' > /app/apm.sh && {{- else }} ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] {{- end }} -