Closed badeball closed 4 years ago
Looks like this is a new feature in systemd version 241 (minikube uses version 240):
https://github.com/systemd/systemd/blob/ecebd1ecf815648cf91749301a648169d07c0046/NEWS#L53
While this will hopefully improve the security of most installations, it is technically a backwards incompatible change.
Basically root is not allowed to read the user's files, which breaks github.com/juju/mutex
To reproduce:
$ sudo sysctl fs.protected_regular=1
$ touch /tmp/foo
$ chmod 600 /tmp/foo
$ sudo tee /tmp/foo
tee: /tmp/foo: Åtkomst nekas
^C
To disable:
$ sudo sysctl fs.protected_regular=0
The best long-term fix here would be to stop having to run minikube with sudo... That would also fix all the file permission issues and other things: see #3760
⚠️ kubectl and minikube configuration will be stored in /root
⚠️ To use kubectl or minikube commands as your own user, you may need to relocate them. For example, to overwrite your own settings, run:
▪ sudo mv /root/.kube /root/.minikube $HOME
▪ sudo chown -R $USER $HOME/.kube $HOME/.minikube
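The rule behind the reproduction above, as an added example (not code from minikube, juju/mutex or anyone in this thread): it models the kernel's documented `fs.protected_regular` check for an `O_CREAT` open of an existing file in a sticky directory. The function and constant names and the uid values are this example's own, constructed to mirror a root-owned `/tmp` with mode 1777.

```python
import os
import stat

SYSCTL_PATH = "/proc/sys/fs/protected_regular"


def create_open_refused(level, dir_mode, dir_uid, file_mode, file_uid, opener_uid):
    """Return True if open(..., O_CREAT) on an existing file would get EACCES.

    level is the fs.protected_regular value; opener_uid stands for the
    opener's fsuid (normally the same as its effective uid). Being root
    does not exempt the opener, which is why sudo fails in the thread.
    """
    if level == 0 or not stat.S_ISREG(file_mode):
        return False            # protection off, or not a regular file
    if not dir_mode & stat.S_ISVTX:
        return False            # only sticky directories are covered
    if file_uid == dir_uid or file_uid == opener_uid:
        return False            # owned by the directory owner or by the opener
    if dir_mode & stat.S_IWOTH:
        return True             # world-writable sticky directory (level 1 and up)
    return level >= 2 and bool(dir_mode & stat.S_IWGRP)  # level 2: group-writable too


def check_path(path, opener_uid=None):
    """Evaluate an existing path against the running kernel's setting."""
    with open(SYSCTL_PATH) as fh:
        level = int(fh.read().strip())
    st = os.stat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    uid = os.geteuid() if opener_uid is None else opener_uid
    return create_open_refused(level, parent.st_mode, parent.st_uid,
                               st.st_mode, st.st_uid, uid)


# Constructed sample values: /tmp owned by root (uid 0) with mode 1777,
# a regular file with mode 600 owned by uid 1000, opened by root via sudo.
TMP_MODE = stat.S_IFDIR | 0o1777
FILE_MODE = stat.S_IFREG | 0o600

if __name__ == "__main__":
    for level in (0, 1, 2):
        refused = create_open_refused(level, TMP_MODE, 0, FILE_MODE, 1000, 0)
        print(f"fs.protected_regular={level}: O_CREAT open refused = {refused}")
```

`check_path("/tmp/foo", opener_uid=0)` applies the same rule to a real file on a Linux host, reading the live sysctl value.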
That's some catch, very good job! It does indeed seem to be the issue.
I'm very much looking forward to the day when sudo won't be necessary. In the meantime I think I will resort to using the virtualbox driver.
I'm going to go ahead and close this issue as it seems resolved for @badeball -- if you need to reopen at any time, please comment /reopen on this issue.
We can track the broader issue of using none without sudo here: #3760
I stumbled upon this; the CLI helpfully brought me here:
💡 Suggestion: Run 'sudo sysctl fs.protected_regular=1', or try a driver which does not require root, such as '--driver=docker'
⁉️ Related issue: https://github.com/kubernetes/minikube/issues/6391
Interestingly, the suggestion 'sudo sysctl fs.protected_regular=1' should be 'sudo sysctl fs.protected_regular=0', right? Should I open a separate issue for this?
@FlorianLudwig : It was fixed in 644b41989ddc5a43e9960aaad37484fea77703c4
Failed to start none bare metal machine. Running "minikube delete" may fix it: boot lock: unable to open /tmp/juju-mkc8ab01ad3ea83211c 505c81a7ee49a8e3ecb89: permission denied
WHAT HAPPENED
root@ip-172-31-42-227:/home/ubuntu# sudo minikube start --force
X Exiting due to HOST_JUJU_LOCK_PERMISSION: Failed to start host: boot lock: unable to open /tmp/juju-mkc8ab01ad3ea83211c505c81a7ee49a8e3ecb89: permission denied
WHEN START MINIKUBE
OPERATING SYSTEM --ubuntu
DRIVER --docker
Change the recursive permissions to root on the /tmp folder: chown -R root:root /tmp. It worked for me in Kubernetes version 1.26.
The exact command to reproduce the issue:
The full output of the command that failed:
(Sorry, my terminal isn't so fancy.)
The mentioned file has the following permissions and ownership.
For reference, «jonas» is the user I am invoking sudo as. Interestingly, I can log in as root (i.e. SUDO_UID and SUDO_GID won't be present) and run the same commands successfully. However, nothing seems to be actually stopped, all the containers are still running.
The output of the minikube logs command:
The operating system version:
I use Arch Linux btw.