You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The permissions/ownership tests on etc data-dir (1.4.11 & 12) fail even though things are set correctly. The problem seems to be with the start of the check:
ps -ef | grep $etcdbin | ...
I set verbose log level, and get:
`20917 util.go:278] Substituting $etcdbin with 'etcd'
So we grep for etcd on the process list, which unfortunately also hits the kube-apiserver process, since that contains the string etcd in its argument list (--etcd-servers). kube-bench then correctly complains:
I0618 08:45:40.804145 19160 check.go:161] failed to run: ps -ef | grep etcd | grep -v grep | sed 's%.*data-dir[= ]\([^ ]*\).*%\1%' | xargs stat -c %a
failed command:[xargs stat -c %a], error: exit status 123
Changing according grep in the check to `grep -E "\s+$etcdbin\s+" did work, but that might still not be the safest way to do that.
The text was updated successfully, but these errors were encountered:
The permissions/ownership tests on etc data-dir (1.4.11 & 12) fail even though things are set correctly. The problem seems to be with the start of the check:
ps -ef | grep $etcdbin | ...I set verbose log level, and get:
`20917 util.go:278] Substituting $etcdbin with 'etcd'
So we grep for
etcdon the process list, which unfortunately also hits the kube-apiserver process, since that contains the stringetcdin its argument list (--etcd-servers). kube-bench then correctly complains:Changing according grep in the check to `grep -E "\s+$etcdbin\s+" did work, but that might still not be the safest way to do that.
The text was updated successfully, but these errors were encountered: