12:42 a.m.
Hello,
We have containers with SuSE Linux SLES 15 SP6 and detected the
following issue: We can not inspect processes as user root, for example:
ebe6737da6e8:~ # ps ax | tail -3
10924 ? Ss 0:00 postgres: sisis sisis 127.0.0.1(35456) idle
11037 pts/0 R+ 0:00 ps ax
11038 pts/0 S+ 0:00 tail -3
ebe6737da6e8:~ # lsof -p 10924 | head -3
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
postmaste 10924 postgres cwd unknown /proc/10924/cwd (readlink:
Permission denied)
postmaste 10924 postgres rtd unknown /proc/10924/root (readlink:
Permission denied)
It only works as the user who owns the process, in this case the PID 10924
the user 'postgres':
ebe6737da6e8:~ # su - postgres
postgres@ebe6737da6e8:~> lsof -p 10924 | head -3
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
postmaste 10924 postgres cwd DIR 0,60 1024 10816610
/data/postgresql151/data
postmaste 10924 postgres rtd DIR 0,60 1024 11934131 /
postgres@ebe6737da6e8:~>
Why 'root' is not allowed to do this?
matthias
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, I am not at war with Russia.
Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.