Closed barlik closed 3 years ago
Thanks for reporting. Sounds similar to #42
Hi, I've just tried v1.0.1
and the issue is still present.
Version: 0ee95f1
Commit: 0ee95f156d30ff3b2d7fad2a114c98ad4bab341a
Branch: HEAD
GoVersion: 1.13
Had a look at the code, the problem seems to be here:
https://github.com/amimof/node-cert-exporter/blob/d25cd15ea624cf023f11cfbc0be3648fc27b1b46/pkg/exporter/exporter.go#L26
where filepath.Walk
function calls lstat()
on every file in a directory, but SELinux blocks lstat()
calls when a file has incorrect SELinux context. This then causes Walk
function to prematurely exit a couple of lines later.
err := filepath.Walk(p, func(path string, info os.FileInfo, err error) error {
...
if err != nil {
return err
}
...
})
if err != nil {
return nil, err
}
BTW: v1.0.1
seems to have been built using a git hash that's no longer available.
@barlik Yeah I discovered the same thing. Thanks for the PR. v1.0.1 should be this commit https://github.com/amimof/node-cert-exporter/commit/d25cd15ea624cf023f11cfbc0be3648fc27b1b46
Description Exporter fails to examine all certificates in a directory when there's a single file with wrong SELinux context set.
Steps to reproduce the issue:
setenforce 1
chcon -t admin_home_t /etc/origin/test-bundle.crt
runcon -u system_u -r system_r -t container_t ./node-cert-exporter-linux-amd64 --path /etc/origin/
Describe the results you received: No metrics exposed.
Describe the results you expected: Metrics exposed for all certificates barring the single cert (file) with wrong file permissions (SELinux context).
Additional information:
Output of
node-cert-exporter --version
:Additional environment details: Red Hat Enterprise Linux Server release 7.6